JSCOnly: --------- - before: https://build.webkit.org/builders/JSCOnly%20Linux%20ARMv7%20Thumb2%20Release/builds/468 - after: https://build.webkit.org/builders/JSCOnly%20Linux%20ARMv7%20Thumb2%20Release/builds/469 GTK: ----- - before: https://build.webkit.org/builders/GTK%20Linux%20ARM%20Release/builds/11044 - after: https://build.webkit.org/builders/GTK%20Linux%20ARM%20Release/builds/11045 no problem on AArch64, ARMv7 ARM instructions set, x86 32 bit
Here is a relase backtrace: $ ./jsc Illegal instruction (core dumped) linaro@linaro-alip:/ramdisk/thumb2/jsc-stress-results/.vm/JavaScriptCore.framework/Resources$ gdb ./jsc core GNU gdb (Ubuntu 7.7-0ubuntu3) 7.7 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "arm-linux-gnueabihf". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./jsc...(no debugging symbols found)...done. [New LWP 23648] [New LWP 23655] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1". Core was generated by `./jsc'. Program terminated with signal SIGILL, Illegal instruction. #0 0xb6cd1b7c in JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&) () from /home/webkitbuildbot/slaves/jsconly-thumb2/buildslave/jsconly-linux-armv7-thumb2-release/build/WebKitBuild/Release/lib/libJavaScriptCore.so.1 (gdb) bt #0 0xb6cd1b7c in JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&) () from /home/webkitbuildbot/slaves/jsconly-thumb2/buildslave/jsconly-linux-armv7-thumb2-release/build/WebKitBuild/Release/lib/libJavaScriptCore.so.1 #1 0xb6c5080e in JSC::ArrayPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*) () from /home/webkitbuildbot/slaves/jsconly-thumb2/buildslave/jsconly-linux-armv7-thumb2-release/build/WebKitBuild/Release/lib/libJavaScriptCore.so.1 #2 0x7e78c0b6 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) disassembly: ... 0xb6cd1b70 <JSC::getTemplateObject(JSC::ExecState*)+28>: mvnne.w r1, #4 0xb6cd1b74 <JSC::getTemplateObject(JSC::ExecState*)+32>: mvneq.w r1, #5 0xb6cd1b78 <JSC::getTemplateObject(JSC::ExecState*)+36>: pop {r3, pc} 0xb6cd1b7a: nop => 0xb6cd1b7c <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+0>: str.w r4, [sp, #-20]! 0xb6cd1b80 <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+4>: strd r5, r6, [sp, #4] 0xb6cd1b84 <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+8>: ldr r5, [pc, #132] ; (0xb6cd1c0c <JSC::JSFunction* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)#5}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSFunction>::Initializer const&)+144>) ...
What do you think, is it a bug in r200383 or a GCC bug?
Might have also broken 64-bit debug builds. https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/8787 https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/8788
(In reply to comment #2) > What do you think, is it a bug in r200383 or a GCC bug? Looks like a GCC bug in the case of GTK+ debug bot.
(In reply to comment #2) > What do you think, is it a bug in r200383 or a GCC bug? It is definitely caused by r200383, not a GCC bug, see https://bugs.webkit.org/show_bug.cgi?id=157045#c61
Created attachment 278081 [details] Patch
Comment on attachment 278081 [details] Patch I think this would have almost worked, but I believe that it's too crazy to rely on the alignment of function pointers. I'm going to land a version that doesn't rely on the alignment or bit arrangement of function pointers at all.
*** This bug has been marked as a duplicate of bug 157045 ***