136162 – [JSC] ASSERTION FAILED: imm26 == (imm26 << 6) >> 6 in JSC::ARM64Assembler::unconditionalBranchImmediate

Bug 136162 - [JSC] ASSERTION FAILED: imm26 == (imm26 << 6) >> 6 in JSC::ARM64Assembler::unconditionalBranchImmediate

Summary: [JSC] ASSERTION FAILED: imm26 == (imm26 << 6) >> 6 in JSC::ARM64Assembler::un...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:	108645
	Show dependency tree / graph

Reported:	2014-08-22 11:09 PDT by Akos Kiss
Modified:	2014-08-22 12:00 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Proposed patch. (2.07 KB, patch) 2014-08-22 11:13 PDT, Akos Kiss	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Akos Kiss 2014-08-22 11:09:27 PDT

When running tests on EFL/ARM64, jsc sporadically segfaults with "ASSERTION FAILED: imm26 == (imm26 << 6) >> 6" in JSC::ARM64Assembler::unconditionalBranchImmediate (e.g., when linking a call from 0x7fa76df114 to 0x7fb0728a20). The error is non-deterministic, it depends on where the executable allocator allocates chunks of memory.

Comment 1 Akos Kiss 2014-08-22 11:13:47 PDT

Created attachment 236992 [details]
Proposed patch.

Comment 2 Michael Saboff 2014-08-22 11:22:29 PDT

Comment on attachment 236992 [details]
Proposed patch.

r=me

Comment 3 WebKit Commit Bot 2014-08-22 12:00:02 PDT

Comment on attachment 236992 [details]
Proposed patch.

Clearing flags on attachment: 236992

Committed r172863: <http://trac.webkit.org/changeset/172863>

Comment 4 WebKit Commit Bot 2014-08-22 12:00:06 PDT

All reviewed patches have been landed.  Closing bug.