WebKit Bugzilla
RESOLVED FIXED
310768
REGRESSION(309850@main): [GTK][JSC] build-webkit --gtk --debug reports "ASSERTION FAILED: i64_load_mem" while generating WebKit-6.0.gir
https://bugs.webkit.org/show_bug.cgi?id=310768
Fujii Hironori
Reported
2026-03-25 21:42:45 PDT
[GTK][JSC] build-webkit --gtk --debug reports "ASSERTION FAILED: i64_load_mem" while generating WebKit-6.0.gir

I'm using clang 18, and invoking "build-webkit --gtk --debug" with 309959@main.

FAILED: WebKit-6.0.gir /sdk/webkit/WebKitBuild/GTK/Debug/WebKit-6.0.gir
cd /sdk/webkit && /usr/bin/cmake -E env CC=/usr/local/bin/clang (...)
ASSERTION FAILED: i64_load_mem
(char*)(untaggedPtr) - (char*)(untaggedBase) == 0x29 * alignIPInt
../../../Source/JavaScriptCore/llint/InPlaceInterpreter.cpp(79) : void JSC::IPInt::initialize()
1 0x7f03e12d80ff JSC::IPInt::initialize()
2 0x7f03e12fc339 JSC::LLInt::initialize()
3 0x7f03e173e33d JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0::operator()() const
4 0x7f03e173e295 void std::__invoke_impl<void, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::__invoke_other, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)
5 0x7f03e173e275 std::__invoke_result<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>::type std::__invoke<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)
6 0x7f03e173e258 std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}::operator()() const
7 0x7f03e173e234 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&)::{lambda()#1}::operator()() const
8 0x7f03e173e201 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)::{lambda()#1}>(JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&)::{lambda()#1}::__invoke()
9 0x7f03dcb3ded3 __pthread_once_slow
10 0x7f03e173e1ab __gthread_once(int*, void (*)())
11 0x7f03e1702ac5 void std::call_once<JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0>(std::once_flag&, JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)::$_0&&)
12 0x7f03e1702a84 JSC::initializeWithOptionsCustomization(WTF::ScopedLambda<void ()> const&)
13 0x7f03e1702a52 _ZN3JSC10initializeITkN3WTF9InvocableIFvvEEEZNS_10initializeEvE3$_0EEvRKT_
14 0x7f03e1702a21 JSC::initialize()
15 0x7f03ee1b5ca9 WebKit::InitializeWebKit2()
16 0x7f03ee78c7b7 WebKit::webkitInitialize()::$_0::operator()() const
17 0x7f03ee78c775 void std::__invoke_impl<void, WebKit::webkitInitialize()::$_0>(std::__invoke_other, WebKit::webkitInitialize()::$_0&&)
18 0x7f03ee78c755 std::__invoke_result<WebKit::webkitInitialize()::$_0>::type std::__invoke<WebKit::webkitInitialize()::$_0>(WebKit::webkitInitialize()::$_0&&)
19 0x7f03ee78c738 std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}::operator()() const
20 0x7f03ee78c714 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}>(WebKit::webkitInitialize()::$_0&)::{lambda()#1}::operator()() const
21 0x7f03ee78c6e1 std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)::{lambda()#1}>(WebKit::webkitInitialize()::$_0&)::{lambda()#1}::__invoke()
22 0x7f03dcb3ded3 __pthread_once_slow
23 0x7f03ee78c68b __gthread_once(int*, void (*)())
24 0x7f03ee78c5d5 void std::call_once<WebKit::webkitInitialize()::$_0>(std::once_flag&, WebKit::webkitInitialize()::$_0&&)
25 0x7f03ee78c598 WebKit::webkitInitialize()
26 0x7f03ee78f1b1 webkit_input_method_context_class_init(_WebKitInputMethodContextClass*)
27 0x7f03ee78f139 webkit_input_method_context_class_intern_init(void*, void*)
28 0x7f03dcce7ebe g_type_class_ref
29 0x55ca83026d53 dump_properties
30 0x55ca830264d2 dump_object_type
31 0x55ca83025f11 dump_type
Attachments
WIP patch (673 bytes, patch), 2026-03-29 23:17 PDT, Fujii Hironori, no flags
WIP patch (672 bytes, patch), 2026-03-29 23:19 PDT, Fujii Hironori, no flags
Fujii Hironori
Comment 1
2026-03-25 22:01:57 PDT
jsc also crashes.

fujii@wkdev $ ./WebKitBuild/GTK/Debug/bin/jsc
ASSERTION FAILED: i64_load_mem
(char*)(untaggedPtr) - (char*)(untaggedBase) == 0x29 * alignIPInt
../../../Source/JavaScriptCore/llint/InPlaceInterpreter.cpp(79) : void JSC::IPInt::initialize()
[...]
Fujii Hironori
Comment 2
2026-03-25 22:46:50 PDT
309850@main is the regression point.
Fujii Hironori
Comment 3
2026-03-26 17:30:18 PDT
*** This bug has been marked as a duplicate of bug 310834 ***
Fujii Hironori
Comment 4
2026-03-29 18:57:24 PDT
Still happening even after 310045@main. Reopened.
Fujii Hironori
Comment 5
2026-03-29 23:15:12 PDT
Comparing the sizes of ipint_i32_load_mem_validate of debug and release builds.

fujii@wkdev $ objdump -x WebKitBuild/GTK/Debug/Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o | grep -C5 ipint_i32_load_mem_validate
000000000002de00 g F .text 0000000000000000 .hidden ipint_table_get_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_get
000000000002df00 g F .text 0000000000000000 .hidden ipint_table_set_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_set
000000000002e000 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
000000000002e100 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
000000000002e300 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
000000000002e500 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate
000000000002e700 g F .text 0000000000000000 .hidden ipint_f64_load_mem_validate
000000000002e900 g F .text 0000000000000000 .hidden ipint_i32_load8s_mem_validate
000000000002eb00 g F .text 0000000000000000 .hidden ipint_i32_load8u_mem_validate

fujii@wkdev $ objdump -x WebKitBuild/GTK/Release/Source/JavaScriptCore/CMakeFiles/LowLevelInterpreterLib.dir/llint/LowLevelInterpreter.cpp.o | grep -C5 ipint_i32_load_mem_validate
0000000000025800 g F .text 0000000000000000 .hidden ipint_table_get_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_get
0000000000025900 g F .text 0000000000000000 .hidden ipint_table_set_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_set
0000000000025a00 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
0000000000025b00 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
0000000000025c00 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
0000000000025d00 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate
0000000000025e00 g F .text 0000000000000000 .hidden ipint_f64_load_mem_validate
0000000000025f00 g F .text 0000000000000000 .hidden ipint_i32_load8s_mem_validate
0000000000026000 g F .text 0000000000000000 .hidden ipint_i32_load8u_mem_validate
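Added example, not part of the original comment and not WebKit code: a check over `objdump -x` symbol lines like those above that reports every handler label whose distance to the next label is not exactly one slot. The slot size 0x100 is an assumption read off the Release listing, standing in for alignIPInt, whose value the page does not state; the function names are hypothetical.

```python
import re

# Assumption: one handler slot is 0x100 bytes, read off the Release listing's
# spacing; it stands in for alignIPInt, whose value the page does not give.
SLOT = 0x100

# Lines copied (abridged) from the Debug and Release listings in Comment 5.
DEBUG = """\
000000000002df00 g F .text 0000000000000000 .hidden ipint_table_set_validate
0000000000000000 *UND* 0000000000000000 ipint_extern_table_set
000000000002e000 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
000000000002e100 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
000000000002e300 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
000000000002e500 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate
"""
RELEASE = """\
0000000000025a00 g F .text 0000000000000000 .hidden ipint_reserved_0x27_validate
0000000000025b00 g F .text 0000000000000000 .hidden ipint_i32_load_mem_validate
0000000000025c00 g F .text 0000000000000000 .hidden ipint_i64_load_mem_validate
0000000000025d00 g F .text 0000000000000000 .hidden ipint_f32_load_mem_validate
"""

# Fields: address, flags ending in F, .text, size, optional .hidden, label.
SYM = re.compile(r"^([0-9a-f]{16})\s+\S+\s+F\s+\.text\s+[0-9a-f]{16}\s+"
                 r"(?:\.hidden\s+)?(ipint_\w+_validate)$")

def parse_symbols(listing):
    """Return sorted (address, name) pairs; *UND* and other lines are skipped."""
    found = []
    for line in listing.splitlines():
        m = SYM.match(line.strip())
        if m:
            found.append((int(m.group(1), 16), m.group(2)))
    return sorted(found)

def misplaced_handlers(listing, slot=SLOT):
    """List (label, gap, next_label) wherever the next label is not one slot away."""
    syms = parse_symbols(listing)
    return [(name, nxt - addr, nxt_name)
            for (addr, name), (nxt, nxt_name) in zip(syms, syms[1:])
            if nxt - addr != slot]

if __name__ == "__main__":
    for name, gap, nxt_name in misplaced_handlers(DEBUG):
        print(f"{name}: next label {nxt_name} is {gap:#x} away, expected {SLOT:#x}")
```

On the Debug lines the first entry reported is ipint_i32_load_mem_validate, with ipint_i64_load_mem_validate following it 0x200 away; i64_load_mem is the label named in the assertion message.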
Fujii Hironori
Comment 6
2026-03-29 23:17:08 PDT
Created attachment 478839 [details] WIP patch

Adding -O for debug build works around the issue.
Fujii Hironori
Comment 7
2026-03-29 23:19:25 PDT
Created attachment 478840 [details] WIP patch
Justin Michaud
Comment 8
2026-04-03 07:49:09 PDT
Pull request: https://github.com/WebKit/WebKit/pull/61980
Fujii Hironori
Comment 9
2026-04-03 18:49:08 PDT
Pull request: https://github.com/WebKit/WebKit/pull/62012
EWS
Comment 10
2026-04-03 20:26:48 PDT
Committed 310552@main (3cd6f131ec0c): <https://commits.webkit.org/310552@main>

Reviewed commits have been landed. Closing PR #62012 and removing active labels.
Radar WebKit Bug Importer
Comment 11
2026-04-03 20:27:13 PDT
<rdar://problem/174057957>