<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - WebAssembly: function-tests/load-offset.js fails on ARM64"
href="https://bugs.webkit.org/show_bug.cgi?id=169724">169724</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>WebAssembly: function-tests/load-offset.js fails on ARM64
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>jfbastien@apple.com
</td>
</tr>
<tr>
<th>CC</th>
<td>fpizlo@apple.com, jfbastien@apple.com, keith_miller@apple.com, mark.lam@apple.com, msaboff@apple.com, sbarati@apple.com
</td>
</tr>
<tr>
<th>Blocks</th>
<td>161709
</td>
</tr></table>
<p>
<div>
<pre>Segfaults on ARM64, not on x86:
# DYLD_FRAMEWORK_PATH=... lldb .../jsc -- -m --useWebAssembly=1 ./function-tests/load-offset.js ; echo $?
(lldb) r
Process 64578 stopped
* thread #1: tid = 0x5a2002, 0x00000002cca6d860, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2c2800004)
frame #0: 0x00000002cca6d860
-> 0x2cca6d860: ldur w0, [x1, #4]
0x2cca6d864: movz x1, #0xf38
0x2cca6d868: movk x1, #0xa0, lsl #16
0x2cca6d86c: movk x1, #0x1, lsl #32
(lldb) bt
* thread #1: tid = 0x5a2002, 0x00000002cca6d860, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2c2800004)
* frame #0: 0x00000002cca6d860
frame #1: 0x00000002cca6d8f4
frame #2: 0x0000000100861fc8 JavaScriptCore`llintPCRangeStart + 264
frame #3: 0x0000000100a4bc44 JavaScriptCore`JSC::callWebAssemblyFunction(JSC::ExecState*) + 1620
frame #4: 0x000000010085fbf4 JavaScriptCore`JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 384
frame #5: 0x00000001008688a8 JavaScriptCore`llint_entry + 26392
frame #6: 0x0000000100861fc8 JavaScriptCore`llintPCRangeStart + 264
frame #7: 0x00000001006fd9b4 JavaScriptCore`JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 136
frame #8: 0x00000001006d1278 JavaScriptCore`JSC::Interpreter::execute(JSC::ModuleProgramExecutable*, JSC::ExecState*, JSC::JSModuleEnvironment*) + 468
frame #9: 0x000000010078d800 JavaScriptCore`JSC::JSModuleRecord::evaluate(JSC::ExecState*) + 60
frame #10: 0x0000000100789cb8 JavaScriptCore`JSC::JSModuleLoader::evaluate(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue) + 412
frame #11: 0x00000002cca50030
frame #12: 0x0000000100868854 JavaScriptCore`llint_entry + 26308
frame #13: 0x00000001008688b8 JavaScriptCore`llint_entry + 26408
frame #14: 0x00000002cca584a0
frame #15: 0x0000000100861fc8 JavaScriptCore`llintPCRangeStart + 264
frame #16: 0x00000001006fd9b4 JavaScriptCore`JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 136
frame #17: 0x00000001006d0aec JavaScriptCore`JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 400
frame #18: 0x0000000100330c60 JavaScriptCore`JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 168
frame #19: 0x0000000100783628 JavaScriptCore`JSC::JSJobMicrotask::run(JSC::ExecState*) + 400
frame #20: 0x00000001009f2f58 JavaScriptCore`JSC::VM::drainMicrotasks() + 272
frame #21: 0x0000000100007b40 jsc`jscmain(int, char**) + 3328
frame #22: 0x0000000100006e30 jsc`main + 52
frame #23: 0x0000000182ddd59c libdyld.dylib`start + 4</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>