Bug 192018 - ASSERTION FAILED: capacity && isPageAligned(capacity) in JSC::CLoopStack::CLoopStack(JSC::VM&)
Summary: ASSERTION FAILED: capacity && isPageAligned(capacity) in JSC::CLoopStack::CLo...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-11-27 11:09 PST by Ryan Haddad
Modified: 2018-11-27 17:49 PST (History)
9 users (show)

See Also:

Attachments
proposed patch. (1.69 KB, patch)
2018-11-27 15:46 PST, Mark Lam 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Haddad 2018-11-27 11:09:21 PST 
The following assertion failure is seen on the 32-bit JSC bot:

stress/regress-191579.js.default: ASSERTION FAILED: capacity && isPageAligned(capacity)
stress/regress-191579.js.default: ./interpreter/CLoopStack.cpp(59) : JSC::CLoopStack::CLoopStack(JSC::VM &)
stress/regress-191579.js.default: 1   0x25d77b WTFCrash
stress/regress-191579.js.default: 2   0x25e3a4 WTFCrashWithInfo(int, char const*, char const*, int)
stress/regress-191579.js.default: 3   0x8e0c2c JSC::CLoopStack::CLoopStack(JSC::VM&)
stress/regress-191579.js.default: 4   0x8e1094 JSC::CLoopStack::CLoopStack(JSC::VM&)
stress/regress-191579.js.default: 5   0x8e804e JSC::Interpreter::Interpreter(JSC::VM&)
stress/regress-191579.js.default: 6   0x8e8144 JSC::Interpreter::Interpreter(JSC::VM&)
stress/regress-191579.js.default: 7   0xeb89d1 JSC::VM::VM(JSC::VM::VMType, JSC::HeapType)
stress/regress-191579.js.default: 8   0xebd7d1 JSC::VM::VM(JSC::VM::VMType, JSC::HeapType)
stress/regress-191579.js.default: 9   0xec04db JSC::VM::create(JSC::HeapType)
stress/regress-191579.js.default: 10  0x2207e int runJSC<jscmain(int, char**)::$_3>(CommandLine, bool, jscmain(int, char**)::$_3 const&)
stress/regress-191579.js.default: 11  0x20cb0 jscmain(int, char**)
stress/regress-191579.js.default: 12  0x20bd7 main
stress/regress-191579.js.default: 13  0xa73f4611 start
stress/regress-191579.js.default: test_script_1895: line 2: 36513 Segmentation fault: 11  ( "$@" ../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --maxPerThreadStackUsage\=400000 --useTypeProfiler\=true --exceptionStackTraceLimit\=1 --defaultErrorStackTraceLimit\=1 --useFTLJIT\=true regress-191579.js )
stress/regress-191579.js.default: ERROR: Unexpected exit code: 139

https://build.webkit.org/builders/Apple%20High%20Sierra%2032-bit%20JSC%20%28BuildAndTest%29/builds/2925
Comment 1 Ryan Haddad 2018-11-27 11:09:44 PST 
The test was added with https://trac.webkit.org/changeset/238141
Comment 2 Mark Lam 2018-11-27 15:46:02 PST 
Created attachment 355798 [details]
proposed patch.
Comment 3 WebKit Commit Bot 2018-11-27 17:48:43 PST 
Comment on attachment 355798 [details]
proposed patch.

Clearing flags on attachment: 355798

Committed r238595: <https://trac.webkit.org/changeset/238595>
Comment 4 WebKit Commit Bot 2018-11-27 17:48:45 PST 
All reviewed patches have been landed.  Closing bug.
Comment 5 Radar WebKit Bug Importer 2018-11-27 17:49:40 PST 
<rdar://problem/46295971>