<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - FTL: Dumping disassembly requires that code origin is set when making polymorphic tail calls."
href="https://bugs.webkit.org/show_bug.cgi?id=165747">165747</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>FTL: Dumping disassembly requires that code origin is set when making polymorphic tail calls.
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>msaboff@apple.com
</td>
</tr></table>
<p>
<div>
<pre>If you try to dump disassembly in code with a polymorphic tail call, you get a crash similar to:
ASSERTION FAILED: codeBlock()->canGetCodeOrigin(index)
/Volumes/Data/src/webkit/Source/JavaScriptCore/interpreter/CallFrame.cpp(172) : JSC::CodeOrigin JSC::ExecState::codeOrigin()
1 0x106b918fd WTFCrash
2 0x105c28eef JSC::ExecState::codeOrigin()
3 0x1068b24f3 JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine(JSC::MacroAssemblerCodeRef const&, JSC::VM&, JSC::JSCell const*, JSC::ExecState*, JSC::CallLinkInfo&, WTF::Vector<JSC::PolymorphicCallCase, 0ul, WTF::CrashOnOverflow, 16ul> const&, std::__1::unique_ptr<unsigned int [], std::__1::default_delete<unsigned int []> >)
4 0x1068b2916 JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine(JSC::MacroAssemblerCodeRef const&, JSC::VM&, JSC::JSCell const*, JSC::ExecState*, JSC::CallLinkInfo&, WTF::Vector<JSC::PolymorphicCallCase, 0ul, WTF::CrashOnOverflow, 16ul> const&, std::__1::unique_ptr<unsigned int [], std::__1::default_delete<unsigned int []> >)
5 0x106921956 JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant)
6 0x1064e3ba8 operationLinkPolymorphicCall
7 0x2af7dcc01ada
8 0x2af7dcc0e86a
9 0x2af7dcc0e01a
10 0x1066f4185 llint_entry
11 0x1066eca4e vmEntryToJavaScript
12 0x1064d0af2 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
13 0x10644bc94 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
14 0x105cf879d JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
15 0x10348c121 runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::String const&, bool, bool, bool)
16 0x103483f9a runJSC(JSC::VM*, CommandLine)
17 0x103482afd jscmain(int, char**)
18 0x103482a4e main
19 0x7fffbfa88255 start
Segmentation fault: 11</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>