WebKit Bugzilla
RESOLVED FIXED
165747
FTL: Dumping disassembly requires that code origin is set when making polymorphic tail calls.
https://bugs.webkit.org/show_bug.cgi?id=165747
Michael Saboff
Reported
2016-12-11 22:24:10 PST
If you try to dump disassembly in code with a polymorphic tail call, you get a crash similar to:

ASSERTION FAILED: codeBlock()->canGetCodeOrigin(index)
/Volumes/Data/src/webkit/Source/JavaScriptCore/interpreter/CallFrame.cpp(172) : JSC::CodeOrigin JSC::ExecState::codeOrigin()
1 0x106b918fd WTFCrash
2 0x105c28eef JSC::ExecState::codeOrigin()
3 0x1068b24f3 JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine(JSC::MacroAssemblerCodeRef const&, JSC::VM&, JSC::JSCell const*, JSC::ExecState*, JSC::CallLinkInfo&, WTF::Vector<JSC::PolymorphicCallCase, 0ul, WTF::CrashOnOverflow, 16ul> const&, std::__1::unique_ptr<unsigned int [], std::__1::default_delete<unsigned int []> >)
4 0x1068b2916 JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine(JSC::MacroAssemblerCodeRef const&, JSC::VM&, JSC::JSCell const*, JSC::ExecState*, JSC::CallLinkInfo&, WTF::Vector<JSC::PolymorphicCallCase, 0ul, WTF::CrashOnOverflow, 16ul> const&, std::__1::unique_ptr<unsigned int [], std::__1::default_delete<unsigned int []> >)
5 0x106921956 JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant)
6 0x1064e3ba8 operationLinkPolymorphicCall
7 0x2af7dcc01ada
8 0x2af7dcc0e86a
9 0x2af7dcc0e01a
10 0x1066f4185 llint_entry
11 0x1066eca4e vmEntryToJavaScript
12 0x1064d0af2 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
13 0x10644bc94 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
14 0x105cf879d JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
15 0x10348c121 runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::String const&, bool, bool, bool)
16 0x103483f9a runJSC(JSC::VM*, CommandLine)
17 0x103482afd jscmain(int, char**)
18 0x103482a4e main
19 0x7fffbfa88255 start
Segmentation fault: 11
Attachments
Patch (2.77 KB, patch), 2016-12-11 22:40 PST, Michael Saboff, no flags
Michael Saboff
Comment 1
2016-12-11 22:40:47 PST
Created attachment 296893: Patch
Filip Pizlo
Comment 2
2016-12-12 08:43:57 PST
Comment on attachment 296893: Patch
Heh. I can't remember the number of times I've hit code origin issues in tail calls.
WebKit Commit Bot
Comment 3
2016-12-12 09:11:03 PST
Comment on attachment 296893: Patch
Clearing flags on attachment: 296893
Committed r209708: <http://trac.webkit.org/changeset/209708>
WebKit Commit Bot
Comment 4
2016-12-12 09:11:06 PST
All reviewed patches have been landed. Closing bug.