WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
126557
CStack Branch: ARM64 Crash in llint_function_for_call_arity_check running 3d-raytrace.js
https://bugs.webkit.org/show_bug.cgi?id=126557
Summary
CStack Branch: ARM64 Crash in llint_function_for_call_arity_check running 3d-...
Michael Saboff
Reported
2014-01-06 18:13:33 PST
When running the sun spider test 3d-raytrace.js, we crash trying to validate the return PC in the frame after the frame was moved for arity in functionArityCheck() loadp CommonSlowPaths::ArityCheckData::returnPC[t1], t5 loadp CommonSlowPaths::ArityCheckData::paddedStackSpace[t1], t0 call t2 if ASSERT_ENABLED loadp ReturnPC[cfr], t0 loadp [t0], t0 <==== This fails due to a bad return PC value of 1. end
Attachments
Patch
(2.11 KB, patch)
2014-01-06 18:20 PST
,
Michael Saboff
ggaren
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Michael Saboff
Comment 1
2014-01-06 18:20:02 PST
Created
attachment 220479
[details]
Patch
Geoffrey Garen
Comment 2
2014-01-06 21:30:27 PST
Comment on
attachment 220479
[details]
Patch r=me Would be nice to be able to assert that we match GPRInfo.
Michael Saboff
Comment 3
2014-01-06 22:06:12 PST
Committed
r161407
: <
http://trac.webkit.org/changeset/161407
>
Michael Saboff
Comment 4
2014-01-06 22:26:39 PST
(In reply to
comment #2
)
> (From update of
attachment 220479
[details]
) > r=me > > Would be nice to be able to assert that we match GPRInfo.
I agree. One thing we could do is modify the offline assembler to output some compile asserts before the inline assembly.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug