Hi,
I am debugging a crash in the WebKit JIT (ARM Thumb-2, Froyo) when loading a page.
The crash happens after return from the trampoline when popping pc:

0xa861b6ac <_ZN3JSC7JITCode7executeEPNS_12RegisterFileEPNS_9ExecStateEPNS_12JSGlobalDataEPNS_7JSValueE+56>: ldr r0, [r5, #0]
0xa861b6ae <_ZN3JSC7JITCode7executeEPNS_12RegisterFileEPNS_9ExecStateEPNS_12JSGlobalDataEPNS_7JSValueE+58>: bl 0xa8622698 <ctiTrampoline>
0xa861b6b2 <_ZN3JSC7JITCode7executeEPNS_12RegisterFileEPNS_9ExecStateEPNS_12JSGlobalDataEPNS_7JSValueE+62>: add sp, #20
0xa861b6b4 <_ZN3JSC7JITCode7executeEPNS_12RegisterFileEPNS_9ExecStateEPNS_12JSGlobalDataEPNS_7JSValueE+64>: pop {r4, r5, r6, r7, pc}

(gdb) x/20x $sp
0x46bb9360: 0xa8748b48 0x002601e8 0x003c8b60 0x46ec2024
0x46bb9370: 0x46bb93d8 0xa861c05f

The sp is off by 4 bytes, i.e. it should be 0x46bb9364 and not 0x46bb9360,
i.e. pc should be 0xa861c05f. If I explicitly set this value before popping,
the use case works. I am not familiar with the trampoline entry/exit sequence
with the generated code/native code to debug inside it,
so any pointers would be greatly helpful.

Thanks,
Zaheer
_______________________________________________
webkit-help mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-help
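The reasoning in the post (which stack slot `pop {r4, r5, r6, r7, pc}` would load into pc, and by how many bytes sp must be shifted for that slot to hold a real return address) can be mechanised over the gdb dump. The script below is an added illustration, not code from the post or from WebKit: it parses the two `x/20x $sp` lines quoted above, and for each candidate sp skew checks whether the pc slot holds an odd (Thumb) address inside an assumed text range. The code-range bounds `CODE_LO`/`CODE_HI` are an assumption; the post only shows addresses near 0xa861b6ac and 0xa8622698.

```python
"""Locate the stack-pointer skew in a gdb 'x/Nx $sp' dump before a 'pop {..., pc}'.

Added illustration, not from the original post. The dump lines and the
addresses are the ones quoted in the post; the register list is the one
shown in the disassembly. The code-range bounds are an assumption.
"""
import re

# Memory dump exactly as gdb printed it in the post (x/20x $sp, two lines).
GDB_DUMP = """\
0x46bb9360: 0xa8748b48 0x002601e8 0x003c8b60 0x46ec2024
0x46bb9370: 0x46bb93d8 0xa861c05f
"""

# Assumed bounds of the library's text segment (the post does not state them).
CODE_LO, CODE_HI = 0xa8600000, 0xa8800000

# Register list of the 'pop' at +64 in the disassembly.
POP_LIST = ["r4", "r5", "r6", "r7", "pc"]


def parse_gdb_dump(text):
    """Return {address: word} for every 32-bit word in an 'x/Nx' dump."""
    words = {}
    for line in text.splitlines():
        m = re.match(r"\s*(0x[0-9a-fA-F]+):\s*(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            words[base + 4 * i] = int(tok, 16)
    return words


def looks_like_thumb_return(word):
    """A return address saved from Thumb code has bit 0 set and lies in .text."""
    return CODE_LO <= word < CODE_HI and word & 1 == 1


def find_sp_skew(words, sp, pop_list, max_skew=16):
    """Try sp + skew (word steps, -max_skew..max_skew) and report every skew at
    which the slot that 'pop {..., pc}' would load into pc holds a plausible
    Thumb return address. Returns a list of (skew_bytes, pc) pairs."""
    # LDM/POP loads the lowest-numbered register from the lowest address,
    # so pc comes from sp + 4 * (its index in the register list).
    pc_index = pop_list.index("pc")
    hits = []
    for skew in range(-max_skew, max_skew + 1, 4):
        slot = sp + skew + 4 * pc_index
        word = words.get(slot)
        if word is not None and looks_like_thumb_return(word):
            hits.append((skew, word))
    return hits


if __name__ == "__main__":
    mem = parse_gdb_dump(GDB_DUMP)
    for skew, pc in find_sp_skew(mem, 0x46bb9360, POP_LIST):
        print(f"sp off by {skew:+d} bytes: pop would load pc = {pc:#010x}")
```

On the quoted dump the only candidate is a skew of +4 with pc = 0xa861c05f, which is the conclusion the post reaches by hand: with sp at 0x46bb9360 the pc slot (sp+16) holds 0x46bb93d8, a stack address, and the crash follows.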
