Bug 153482 - REGRESSION(r195575): It made all JSC tests crash on ARMv7 Linux
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: Other
Hardware: Unspecified Unspecified
Importance: P1 Blocker
Assignee: Nobody
Blocks: 108645 153448
Reported: 2016-01-26 05:54 PST by Csaba Osztrogonác
Modified: 2016-01-27 03:30 PST

Description Csaba Osztrogonác 2016-01-26 05:54:02 PST
https://trac.webkit.org/changeset/195575 made all JSC tests crash on ARMv7 Linux.

EFL ARMv7 (with ARM instruction set):
======================================
before: https://build.webkit.org/builders/EFL%20Linux%20ARMv7%20Traditional%20Release/builds/16758
after: https://build.webkit.org/builders/EFL%20Linux%20ARMv7%20Traditional%20Release/builds/16752

EFL ARMv7 (with Thumb2 instruction set):
=========================================
before: https://build.webkit.org/builders/EFL%20Linux%20ARMv7%20Thumb2%20Release/builds/16899
after: https://build.webkit.org/builders/EFL%20Linux%20ARMv7%20Thumb2%20Release/builds/16906
Comment 1 Csaba Osztrogonác 2016-01-26 10:23:28 PST
This assert is hit in a debug build:
Source/JavaScriptCore/assembler/ARMv7Assembler.h(2206) : static void JSC::ARMv7Assembler::relinkJump(void*, void*)
ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1)
Comment 2 Csaba Osztrogonác 2016-01-26 10:47:45 PST
full crash log:

ASSERTION FAILED: !(reinterpret_cast<intptr_t>(to) & 1)
../../Source/JavaScriptCore/assembler/ARMv7Assembler.h(2206) : static void JSC::ARMv7Assembler::relinkJump(void*, void*)
1   0xb64c3868 WTFCrash
2   0xb5fe3fe4 JSC::ARMv7Assembler::relinkJump(void*, void*)
3   0xb61f4694 JSC::AbstractMacroAssembler<JSC::ARMv7Assembler, JSC::MacroAssemblerARMv7>::repatchNearCall(JSC::CodeLocationNearCall, JSC::CodeLocationLabel)
4   0xb61f1790 JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr)
5   0xb61d45ae
Segmentation fault


Unfortunately it isn't easy to debug this regression, because GDB crashes :(
Comment 3 Csaba Osztrogonác 2016-01-27 03:30:25 PST
I don't know what happened, but after a clean build, release crashes went away.

It seems the debug assert is unrelated to this bug, but still valid.
I'm going to file a new bug report for it and start to investigate.