<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:ossy@webkit.org" title="Csaba Osztrogonác <ossy@webkit.org>"> <span class="fn">Csaba Osztrogonác</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - REGRESSION(r200383): It made all JSC stress tests crash on ARMv7 Thumb2"
href="https://bugs.webkit.org/show_bug.cgi?id=157340">bug 157340</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">CC</td>
<td>
</td>
<td>ossy@webkit.org
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - REGRESSION(r200383): It made all JSC stress tests crash on ARMv7 Thumb2"
href="https://bugs.webkit.org/show_bug.cgi?id=157340#c1">Comment # 1</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - REGRESSION(r200383): It made all JSC stress tests crash on ARMv7 Thumb2"
href="https://bugs.webkit.org/show_bug.cgi?id=157340">bug 157340</a>
from <span class="vcard"><a class="email" href="mailto:ossy@webkit.org" title="Csaba Osztrogonác <ossy@webkit.org>"> <span class="fn">Csaba Osztrogonác</span></a>
</span></b>
<pre>Here is a release backtrace:
$ ./jsc
Illegal instruction (core dumped)
linaro@linaro-alip:/ramdisk/thumb2/jsc-stress-results/.vm/JavaScriptCore.framework/Resources$ gdb ./jsc core
GNU gdb (Ubuntu 7.7-0ubuntu3) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <<a href="http://gnu.org/licenses/gpl.html">http://gnu.org/licenses/gpl.html</a>>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<<a href="http://www.gnu.org/software/gdb/bugs/">http://www.gnu.org/software/gdb/bugs/</a>>.
Find the GDB manual and other documentation resources online at:
<<a href="http://www.gnu.org/software/gdb/documentation/">http://www.gnu.org/software/gdb/documentation/</a>>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./jsc...(no debugging symbols found)...done.
[New LWP 23648]
[New LWP 23655]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Core was generated by `./jsc'.
Program terminated with signal SIGILL, Illegal instruction.
#0 0xb6cd1b7c in JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&) ()
from /home/webkitbuildbot/slaves/jsconly-thumb2/buildslave/jsconly-linux-armv7-thumb2-release/build/WebKitBuild/Release/lib/libJavaScriptCore.so.1
(gdb) bt
#0 0xb6cd1b7c in JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&) ()
from /home/webkitbuildbot/slaves/jsconly-thumb2/buildslave/jsconly-linux-armv7-thumb2-release/build/WebKitBuild/Release/lib/libJavaScriptCore.so.1
#1 0xb6c5080e in JSC::ArrayPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*) ()
from /home/webkitbuildbot/slaves/jsconly-thumb2/buildslave/jsconly-linux-armv7-thumb2-release/build/WebKitBuild/Release/lib/libJavaScriptCore.so.1
#2 0x7e78c0b6 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
disassembly:
...
0xb6cd1b70 <JSC::getTemplateObject(JSC::ExecState*)+28>: mvnne.w r1, #4
0xb6cd1b74 <JSC::getTemplateObject(JSC::ExecState*)+32>: mvneq.w r1, #5
0xb6cd1b78 <JSC::getTemplateObject(JSC::ExecState*)+36>: pop {r3, pc}
0xb6cd1b7a: nop
=> 0xb6cd1b7c <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+0>: str.w r4, [sp, #-20]!
0xb6cd1b80 <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+4>: strd r5, r6, [sp, #4]
0xb6cd1b84 <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+8>: ldr r5, [pc, #132] ; (0xb6cd1c0c <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+144>)
...</pre>
</div>
</p>
</body>
</html>