310768 2026-03-25 21:42:45 -0700 REGRESSION(309850@main): [GTK][JSC] build-webkit --gtk --debug reports "ASSERTION FAILED: i64_load_mem" while generating WebKit-6.0.gir 2026-04-03 20:27:13 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 fujii fujii aperez webkit-bug-importer oldest_to_newest 2193741 0 fujii 2026-03-25 21:42:45 -0700 [GTK][JSC] build-webkit --gtk --debug reports "ASSERTION FAILED: i64_load_mem" while generating WebKit-6.0.gir I'm using clang 18, and invoking "build-webkit --gtk --debug" with 309959@main. FAILED: WebKit-6.0.gir /sdk/webkit/WebKitBuild/GTK/Debug/WebKit-6.0.gir cd /sdk/webkit && /usr/bin/cmake -E env CC=/usr/local/bin/clang (...) ASSERTION FAILED: i64_load_mem (char*)(untaggedPtr) - (char*)(untaggedBase) == 0x29 * alignIPInt ../../../Source/JavaScriptCore/llint/InPlaceInterpreter.cpp(79) : void JSC::IPInt::initialize() 1 0x7f03e12d80ff JSC::IPInt::initialize() 2 0x7f03e12fc339 JSC::LLInt::initialize() 3 0x7f03e173e33d JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0::operator()() const 4 0x7f03e173e295 void std::__invoke_impl<void, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::__invoke_other, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&) 5 0x7f03e173e275 std::__invoke_result<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>::type std::__invoke<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&) 6 0x7f03e173e258 std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}::operator()() const 7 0x7f03e173e234 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&)::{lambda()#1}::operator()() const 8 0x7f03e173e201 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&)::{lambda()#1}::__invoke() 9 0x7f03dcb3ded3 __pthread_once_slow 10 0x7f03e173e1ab __gthread_once(int*, void (*)()) 11 0x7f03e1702ac5 void std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&) 12 0x7f03e1702a84 JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&) 13 0x7f03e1702a52 _ZN3JSC10initializeITkN3WTF9InvocableIFvvEEEZNS_10initializeEvE3$_0EEvRKT_ 14 0x7f03e1702a21 JSC::initialize() 15 0x7f03ee1b5ca9 WebKit::InitializeWebKit2() 16 0x7f03ee78c7b7 WebKit::webkitInitialize()::$_0::operator()() const 17 0x7f03ee78c775 void std::__invoke_impl<void, WebKit::webkitInitialize()::$_0>(std::__invoke_other, WebKit::webkitInitialize()::$_0&&) 18 0x7f03ee78c755 std::__invoke_result<WebKit::webkitInitialize()::$_0>::type std::__invoke<WebKit::webkitInitialize()::$_0>(WebKit::webkitInitialize()::$_0&&) 19 0x7f03ee78c738 std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}::operator()() const 20 0x7f03ee78c714 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}>(WebKit::webkitInitialize()::$_0&)::{lambda()#1}::operator()() const 21 0x7f03ee78c6e1 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}>(WebKit::webkitInitialize()::$_0&)::{lambda()#1}::__invoke() 22 0x7f03dcb3ded3 __pthread_once_slow 23 0x7f03ee78c68b __gthread_once(int*, void (*)()) 24 0x7f03ee78c5d5 void std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&) 25 0x7f03ee78c598 WebKit::webkitInitialize() 26 0x7f03ee78f1b1 webkit_input_method_context_class_init(_WebKitInputMethodContextClass*) 27 0x7f03ee78f139 webkit_input_method_context_class_intern_init(void*, void*) 28 0x7f03dcce7ebe g_type_class_ref 29 0x55ca83026d53 dump_properties 30 0x55ca830264d2 dump_object_type 31 0x55ca83025f11 dump_type 2193742 1 fujii 2026-03-25 22:01:57 -0700 jsc also crashes. fujii@wkdev $ ./WebKitBuild/GTK/Debug/bin/jsc ASSERTION FAILED: i64_load_mem (char*)(untaggedPtr) - (char*)(untaggedBase) == 0x29 * alignIPInt ../../../Source/JavaScriptCore/llint/InPlaceInterpreter.cpp(79) : void JSC::IPInt::initialize() [...] 2193754 2 fujii 2026-03-25 22:46:50 -0700 309850@main is the regression point. 2194148 3 fujii 2026-03-26 17:30:18 -0700 *** This bug has been marked as a duplicate of bug 310834 *** 2194955 4 fujii 2026-03-29 18:57:24 -0700 Still happening even after 310045@main. Reopened. 2195007 5 fujii 2026-03-29 23:15:12 -0700 Comparing the sizes of ipint_i32_load_mem_validate of debug and release builds. fujii@wkdev $ objdump -x WebKitBuild/GTK/Debug/Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o | grep -C5 ipint_i32_load_mem_validate 000000000002de00 g F .text 0000000000000000 .hidden ipint_table_get_validate 0000000000000000 *UND* 0000000000000000 ipint_extern_table_get 000000000002df00 g F .text 0000000000000000 .hidden ipint_table_set_validate 0000000000000000 *UND* 0000000000000000 ipint_extern_table_set 000000000002e000 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate 000000000002e100 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate 000000000002e300 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate 000000000002e500 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate 000000000002e700 g F .text 0000000000000000 .hidden ipint_f64_load_mem_validate 000000000002e900 g F .text 0000000000000000 .hidden ipint_i32_load8s_mem_validate 000000000002eb00 g F .text 0000000000000000 .hidden ipint_i32_load8u_mem_validate fujii@wkdev $ objdump -x WebKitBuild/GTK/Release/Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o | grep -C5 ipint_i32_load_mem_validate 0000000000025800 g F .text 0000000000000000 .hidden ipint_table_get_validate 0000000000000000 *UND* 0000000000000000 ipint_extern_table_get 0000000000025900 g F .text 0000000000000000 .hidden ipint_table_set_validate 0000000000000000 *UND* 0000000000000000 ipint_extern_table_set 0000000000025a00 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate 0000000000025b00 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate 0000000000025c00 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate 0000000000025d00 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate 0000000000025e00 g F .text 0000000000000000 .hidden ipint_f64_load_mem_validate 0000000000025f00 g F .text 0000000000000000 .hidden ipint_i32_load8s_mem_validate 0000000000026000 g F .text 0000000000000000 .hidden ipint_i32_load8u_mem_validate 2195008 6 478839 fujii 2026-03-29 23:17:08 -0700 Created attachment 478839 WIP patch adding -O for debug build works around the issue. 2195009 7 478840 fujii 2026-03-29 23:19:25 -0700 Created attachment 478840 WIP patch 2196601 8 jmichaud 2026-04-03 07:49:09 -0700 Pull request: https://github.com/WebKit/WebKit/pull/61980 2196758 9 fujii 2026-04-03 18:49:08 -0700 Pull request: https://github.com/WebKit/WebKit/pull/62012 2196766 10 ews-feeder 2026-04-03 20:26:48 -0700 Committed 310552@main (3cd6f131ec0c): <https://commits.webkit.org/310552@main> Reviewed commits have been landed. Closing PR #62012 and removing active labels. 2196767 11 webkit-bug-importer 2026-04-03 20:27:13 -0700 <rdar://problem/174057957> 478839 2026-03-29 23:17:08 -0700 2026-03-29 23:19:25 -0700 WIP patch wip.patch text/plain 673 fujii ZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DTWFrZUxpc3RzLnR4dCBiL1NvdXJj ZS9KYXZhU2NyaXB0Q29yZS9DTWFrZUxpc3RzLnR4dAppbmRleCA1YTIxZTRjMjNlMjcuLmNmYTJm MGFkMDVjNSAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL0NNYWtlTGlzdHMudHh0 CisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DTWFrZUxpc3RzLnR4dApAQCAtMTcyNSw2ICsx NzI1LDEwIEBAIGlmIChDTUFLRV9DT01QSUxFUl9JU19HTlVDWFggQU5EIEdDQ19PRkZMSU5FQVNN X1NPVVJDRV9NQVApCiAgICAgICAgIENPTVBJTEVfT1BUSU9OUyAiLWZuby1sdG8iKQogZW5kaWYg KCkKIAoraWYgKENNQUtFX0JVSUxEX1RZUEUgU1RSRVFVQUwgIkRlYnVnIikKKyAgICAjc2V0X3Nv dXJjZV9maWxlc19wcm9wZXJ0aWVzKCJsbGludC9Mb3dMZXZlbEludGVycHJldGVyLmNwcCIgUFJP UEVSVElFUyBDT01QSUxFX09QVElPTlMgIi1PIikKK2VuZGlmICgpCisKICMgV2luZG93cyBBUk02 NDogRGlzYWJsZSB1bndpbmQgdGFibGVzIHRvIHdvcmsgYXJvdW5kIExMVk0gYnVnICM0NzQzMgog IyAoYWxpZ25tZW50IGRpcmVjdGl2ZXMgaW4gaW5saW5lIGFzbSBicmVhayBTRUggdW53aW5kIGlu Zm8gY2FsY3VsYXRpb24pCiBpZiAoV0lOMzIgQU5EIFdURl9DUFVfQVJNNjQpCg== 478840 2026-03-29 23:19:25 -0700 2026-03-29 23:19:25 -0700 WIP patch wip.patch text/plain 672 fujii ZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DTWFrZUxpc3RzLnR4dCBiL1NvdXJj ZS9KYXZhU2NyaXB0Q29yZS9DTWFrZUxpc3RzLnR4dAppbmRleCA1YTIxZTRjMjNlMjcuLjMyODcy NTEyMTMxYyAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL0NNYWtlTGlzdHMudHh0 CisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DTWFrZUxpc3RzLnR4dApAQCAtMTcyNSw2ICsx NzI1LDEwIEBAIGlmIChDTUFLRV9DT01QSUxFUl9JU19HTlVDWFggQU5EIEdDQ19PRkZMSU5FQVNN X1NPVVJDRV9NQVApCiAgICAgICAgIENPTVBJTEVfT1BUSU9OUyAiLWZuby1sdG8iKQogZW5kaWYg KCkKIAoraWYgKENNQUtFX0JVSUxEX1RZUEUgU1RSRVFVQUwgIkRlYnVnIikKKyAgICBzZXRfc291 cmNlX2ZpbGVzX3Byb3BlcnRpZXMoImxsaW50L0xvd0xldmVsSW50ZXJwcmV0ZXIuY3BwIiBQUk9Q RVJUSUVTIENPTVBJTEVfT1BUSU9OUyAiLU8iKQorZW5kaWYgKCkKKwogIyBXaW5kb3dzIEFSTTY0 OiBEaXNhYmxlIHVud2luZCB0YWJsZXMgdG8gd29yayBhcm91bmQgTExWTSBidWcgIzQ3NDMyCiAj IChhbGlnbm1lbnQgZGlyZWN0aXZlcyBpbiBpbmxpbmUgYXNtIGJyZWFrIFNFSCB1bndpbmQgaW5m byBjYWxjdWxhdGlvbikKIGlmIChXSU4zMiBBTkQgV1RGX0NQVV9BUk02NCkK