According to our builbot this commit http://trac.webkit.org/changeset/78732 crashes the execution of the sunspider tests, and also the v8 benchmarks. The machine is an ARMv7 Pandaboard EA1, kernel 2.6.35.3 and the JSC is natively compiled with g++ (Ubuntu/Linaro 4.4.4-14ubuntu5) 4.4.5 trace: ~/WebKit/Programs/jsc sunspider-0.9.1/3d-cube.js ASSERTION FAILED: differenceBetween(hotPathBegin, displacementLabel1) == patchOffsetPutByIdPropertyMapOffset1 Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp(517) : void JSC::JIT::emit_op_put_by_id(JSC::Instruction*) Segmentation fault gdb trace: Starting program: /home/user/buildslave/full-wk/build/Programs/jsc 3d-cube.js [Thread debugging using libthread_db enabled] [New Thread 0x41e5f460 (LWP 23458)] Program received signal SIGSEGV, Segmentation fault. 0x000d80b8 in JITStubThunked_op_create_this () (gdb) bt #0 0x000d80b8 in JITStubThunked_op_create_this () #1 0x000d3b1c in cti_op_create_this () #2 0x000d3b1c in cti_op_create_this ()
<rdar://problem/9018458>
With the patch from https://bugs.webkit.org/show_bug.cgi?id=54901 I can see the difference in the offsets is: ASSERTION FAILED: JIT Offset "patchOffsetPutByIdPropertyMapOffset1" should be 46, not 36. differenceBetween(hotPathBegin, displacementLabel1) == patchOffsetPutByIdPropertyMapOffset1 ../../Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp(517) : void JSC::JIT::emit_op_put_by_id(JSC::Instruction*)
Created attachment 83476 [details] jitoffsetarmv7.diff This seems to fix the issue.
Comment on attachment 83476 [details] jitoffsetarmv7.diff Apologies for breaking this, cheers for the fix Xan.
Comment on attachment 83476 [details] jitoffsetarmv7.diff Clearing flags on attachment: 83476 Committed r79460: <http://trac.webkit.org/changeset/79460>
All reviewed patches have been landed. Closing bug.
http://trac.webkit.org/changeset/79460 might have broken Qt Linux Release The following tests are not passing: fast/overflow/overflow-height-float-not-removed-crash3.html