Bug 155784

Summary: REGRESSION(r198554): It made many regexp tests crash on ARMv7 Thumb2 platforms
Product: WebKit Reporter: Csaba Osztrogonác <ossy>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Critical CC: cgarcia, clopez, fpizlo, gyuyoung.kim, jh718.park, msaboff, ossy
Priority: P1    
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 108645, 155711    

Csaba Osztrogonác
Reported 2016-03-22 23:59:44 PDT
JSCOnly Linux ARMv7 Thumb2 Release - before: 139 fails - https://build.webkit.org/builders/JSCOnly%20Linux%20ARMv7%20Thumb2%20Release/builds/3 - after: 279 fails - https://build.webkit.org/builders/JSCOnly%20Linux%20ARMv7%20Thumb2%20Release/builds/4 GTK Linux ARM Release - before: 119 fails - https://build.webkit.org/builders/GTK%20Linux%20ARM%20Release/builds/10635 - after: 191 fails - https://build.webkit.org/builders/GTK%20Linux%20ARM%20Release/builds/10636 ARMv7 Traditional (ARMAssembler with ARM instruction set) and AArch64 platforms aren't affected. (note: I just reported this bug, but I don't have any time to investigate, debug, help fixing, create backtraces, etc.)
Attachments
Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2016-03-23 09:30:59 PDT
We are not seeing any of these crashes on iOS ARMv7 bots. When you can, please provide a stack trace for one of these failures.
Csaba Osztrogonác
Comment 2 2016-03-23 11:19:57 PDT
managed to get backtrace: $ ./jsc regexp-match.js --useLLInt=false ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1) ../../Source/JavaScriptCore/assembler/ARMv7Assembler.h(2206) : static void JSC::ARMv7Assembler::relinkJump(void*, void*) 1 0xb64bc334 WTFCrash 2 0xb5f9d108 JSC::ARMv7Assembler::relinkJump(void*, void*) 3 0xb61c94bc JSC::AbstractMacroAssembler<JSC::ARMv7Assembler, JSC::MacroAssemblerARMv7>::repatchNearCall(JSC::CodeLocationNearCall, JSC::CodeLocationLabel) 4 0xb61c650a JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr) 5 0xb61a61f6 Segmentation fault (core dumped)
Csaba Osztrogonác
Comment 3 2016-03-23 11:21:10 PDT
Maybe it is a dup of bug154857 or bug154857 simply hides this bug.
Csaba Osztrogonác
Comment 4 2016-04-05 09:32:56 PDT
It seesm it is a dup of It seesm it is a dup of bug155790 *** This bug has been marked as a duplicate of bug 155790 ***
Note You need to log in before you can comment on or make changes to this bug.