Bug 310768

Summary: REGRESSION(309850@main): [GTK][JSC] build-webkit --gtk --debug reports "ASSERTION FAILED: i64_load_mem" while generating WebKit-6.0.gir
Product: WebKit
Reporter: Fujii Hironori <fujii>
Component: JavaScriptCore
Assignee: Fujii Hironori <fujii>
Status: RESOLVED FIXED
Severity: Normal
CC: aperez, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
WIP patch (flags: none)
WIP patch (flags: none)

Fujii Hironori
Reported 2026-03-25 21:42:45 PDT
[GTK][JSC] build-webkit --gtk --debug reports "ASSERTION FAILED: i64_load_mem" while generating WebKit-6.0.gir

I'm using clang 18, and invoking "build-webkit --gtk --debug" with 309959@main.

FAILED: WebKit-6.0.gir /sdk/webkit/WebKitBuild/GTK/Debug/WebKit-6.0.gir
cd /sdk/webkit && /usr/bin/cmake -E env CC=/usr/local/bin/clang (...)
ASSERTION FAILED: i64_load_mem (char*)(untaggedPtr) - (char*)(untaggedBase) == 0x29 * alignIPInt
../../../Source/JavaScriptCore/llint/InPlaceInterpreter.cpp(79) : void JSC::IPInt::initialize()
1 0x7f03e12d80ff JSC::IPInt::initialize()
2 0x7f03e12fc339 JSC::LLInt::initialize()
3 0x7f03e173e33d JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0::operator()() const
4 0x7f03e173e295 void std::__invoke_impl<void, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::__invoke_other, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)
5 0x7f03e173e275 std::__invoke_result<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>::type std::__invoke<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)
6 0x7f03e173e258 std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}::operator()() const
7 0x7f03e173e234 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&)::{lambda()#1}::operator()() const
8 0x7f03e173e201 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&)::{lambda()#1}::__invoke()
9 0x7f03dcb3ded3 __pthread_once_slow
10 0x7f03e173e1ab __gthread_once(int*, void (*)())
11 0x7f03e1702ac5 void std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)
12 0x7f03e1702a84 JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)
13 0x7f03e1702a52 _ZN3JSC10initializeITkN3WTF9InvocableIFvvEEEZNS_10initializeEvE3$_0EEvRKT_
14 0x7f03e1702a21 JSC::initialize()
15 0x7f03ee1b5ca9 WebKit::InitializeWebKit2()
16 0x7f03ee78c7b7 WebKit::webkitInitialize()::$_0::operator()() const
17 0x7f03ee78c775 void std::__invoke_impl<void, WebKit::webkitInitialize()::$_0>(std::__invoke_other, WebKit::webkitInitialize()::$_0&&)
18 0x7f03ee78c755 std::__invoke_result<WebKit::webkitInitialize()::$_0>::type std::__invoke<WebKit::webkitInitialize()::$_0>(WebKit::webkitInitialize()::$_0&&)
19 0x7f03ee78c738 std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}::operator()() const
20 0x7f03ee78c714 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}>(WebKit::webkitInitialize()::$_0&)::{lambda()#1}::operator()() const
21 0x7f03ee78c6e1 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}>(WebKit::webkitInitialize()::$_0&)::{lambda()#1}::__invoke()
22 0x7f03dcb3ded3 __pthread_once_slow
23 0x7f03ee78c68b __gthread_once(int*, void (*)())
24 0x7f03ee78c5d5 void std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)
25 0x7f03ee78c598 WebKit::webkitInitialize()
26 0x7f03ee78f1b1 webkit_input_method_context_class_init(_WebKitInputMethodContextClass*)
27 0x7f03ee78f139 webkit_input_method_context_class_intern_init(void*, void*)
28 0x7f03dcce7ebe g_type_class_ref
29 0x55ca83026d53 dump_properties
30 0x55ca830264d2 dump_object_type
31 0x55ca83025f11 dump_type
Attachments
WIP patch (673 bytes, patch), 2026-03-29 23:17 PDT, Fujii Hironori, no flags
WIP patch (672 bytes, patch), 2026-03-29 23:19 PDT, Fujii Hironori, no flags
Fujii Hironori
Comment 1 2026-03-25 22:01:57 PDT
jsc also crashes.

fujii@wkdev $ ./WebKitBuild/GTK/Debug/bin/jsc
ASSERTION FAILED: i64_load_mem (char*)(untaggedPtr) - (char*)(untaggedBase) == 0x29 * alignIPInt
../../../Source/JavaScriptCore/llint/InPlaceInterpreter.cpp(79) : void JSC::IPInt::initialize()
[...]
Fujii Hironori
Comment 2 2026-03-25 22:46:50 PDT
309850@main is the regression point.
Fujii Hironori
Comment 3 2026-03-26 17:30:18 PDT
*** This bug has been marked as a duplicate of bug 310834 ***
Fujii Hironori
Comment 4 2026-03-29 18:57:24 PDT
Still happening even after 310045@main. Reopened.
Fujii Hironori
Comment 5 2026-03-29 23:15:12 PDT
Comparing the sizes of ipint_i32_load_mem_validate in the debug and release builds.

fujii@wkdev $ objdump -x WebKitBuild/GTK/Debug/Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o | grep -C5 ipint_i32_load_mem_validate
000000000002de00 g F .text 0000000000000000 .hidden ipint_table_get_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_get
000000000002df00 g F .text 0000000000000000 .hidden ipint_table_set_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_set
000000000002e000 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
000000000002e100 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
000000000002e300 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
000000000002e500 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate
000000000002e700 g F .text 0000000000000000 .hidden ipint_f64_load_mem_validate
000000000002e900 g F .text 0000000000000000 .hidden ipint_i32_load8s_mem_validate
000000000002eb00 g F .text 0000000000000000 .hidden ipint_i32_load8u_mem_validate

fujii@wkdev $ objdump -x WebKitBuild/GTK/Release/Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o | grep -C5 ipint_i32_load_mem_validate
0000000000025800 g F .text 0000000000000000 .hidden ipint_table_get_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_get
0000000000025900 g F .text 0000000000000000 .hidden ipint_table_set_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_set
0000000000025a00 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
0000000000025b00 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
0000000000025c00 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
0000000000025d00 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate
0000000000025e00 g F .text 0000000000000000 .hidden ipint_f64_load_mem_validate
0000000000025f00 g F .text 0000000000000000 .hidden ipint_i32_load8s_mem_validate
0000000000026000 g F .text 0000000000000000 .hidden ipint_i32_load8u_mem_validate
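As an added check, not part of the bug report or of WebKit's own code, the script below re-runs the handler-stride invariant from IPInt::initialize() offline over the objdump symbol lines quoted in this comment. It assumes alignIPInt is 0x100 (inferred from the release layout, where consecutive handlers are 0x100 apart) and uses the Wasm opcode bytes of the listed handlers; on the debug dump it reports ipint_i64_load_mem_validate as the first misplaced handler, which is the opcode (0x29) named in the assertion.

```python
import re

# Constructed sample input: the ipint_*_validate symbol lines from the two
# `objdump -x ... LowLevelInterpreter.cpp.o` dumps quoted in comment 5.
DEBUG_SYMBOLS = """\
000000000002de00 g F .text 0000000000000000 .hidden ipint_table_get_validate
000000000002df00 g F .text 0000000000000000 .hidden ipint_table_set_validate
000000000002e000 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
000000000002e100 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
000000000002e300 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
"""
RELEASE_SYMBOLS = """\
0000000000025800 g F .text 0000000000000000 .hidden ipint_table_get_validate
0000000000025900 g F .text 0000000000000000 .hidden ipint_table_set_validate
0000000000025a00 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
0000000000025b00 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
0000000000025c00 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
"""
# Wasm opcode byte of each handler (Wasm spec; 0x29 = i64.load is the
# multiplier in the failing assertion).
OPCODES = {
    "ipint_table_get_validate": 0x25, "ipint_table_set_validate": 0x26,
    "ipint_reserved_0x27_validate": 0x27, "ipint_i32_load_mem_validate": 0x28,
    "ipint_i64_load_mem_validate": 0x29,
}
# Assumption: alignIPInt is 0x100, inferred from the release layout above.
ALIGN_IPINT = 0x100
SYM_RE = re.compile(r"^([0-9a-f]{16})\s.*\s(ipint_\w+_validate)$")


def parse_symbols(objdump_text):
    """Map each known ipint_*_validate symbol to its address; skip other lines."""
    addrs = {}
    for line in objdump_text.splitlines():
        m = SYM_RE.match(line.strip())
        if m and m.group(2) in OPCODES:
            addrs[m.group(2)] = int(m.group(1), 16)
    return addrs


def find_misplaced(addrs, align=ALIGN_IPINT):
    """Offline form of the IPInt::initialize() check: each handler must sit at
    base + opcode * align (base recovered from the lowest-opcode handler)."""
    first = min(addrs, key=OPCODES.get)
    base = addrs[first] - OPCODES[first] * align
    bad = []
    for sym in sorted(addrs, key=OPCODES.get):
        expected = base + OPCODES[sym] * align
        if addrs[sym] != expected:
            bad.append((sym, OPCODES[sym], expected, addrs[sym]))
    return bad
```

The debug dump fails at opcode 0x29 because ipint_i32_load_mem_validate (0x28) grew past one 0x100 slot at -O0, pushing every later handler out of the stride the interpreter assumes.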
Fujii Hironori
Comment 6 2026-03-29 23:17:08 PDT
Created attachment 478839 [details]
WIP patch

Adding -O for the debug build works around the issue.
Fujii Hironori
Comment 7 2026-03-29 23:19:25 PDT
Created attachment 478840 [details]
WIP patch
Justin Michaud
Comment 8 2026-04-03 07:49:09 PDT
Fujii Hironori
Comment 9 2026-04-03 18:49:08 PDT
EWS
Comment 10 2026-04-03 20:26:48 PDT
Committed 310552@main (3cd6f131ec0c): <https://commits.webkit.org/310552@main>

Reviewed commits have been landed. Closing PR #62012 and removing active labels.
Radar WebKit Bug Importer
Comment 11 2026-04-03 20:27:13 PDT