The following testcase crashes on mozilla-central revision 9cb650de48f9+ (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --disable-profiling --enable-debug --enable-optimize --enable-simulator=arm64, run with --fuzzing-safe): var g = newGlobal(); g.parent = this; g.eval("(" + function() { var dbg = Debugger(parent); dbg.onEnterFrame = function(frame) { frame.onStep = function() {} } } + ")()"); function checkMethods(proto) { var names = Object.getOwnPropertyNames(proto); for (var i = 0; i < names.length; i++) { var name = names[i]; if (name) continue; var prop = proto[name]; if (typeof prop === "function") checkMethod(prop); } } var builtin_ctors = [ Object, Function, Array, String, Boolean, Number, Date, RegExp, Error, ]; for (var i = 0; i < builtin_ctors.length; i++) { checkMethods(builtin_ctors[i]); } Backtrace: received signal SIGSEGV, Segmentation fault. 0x00000000009e3ec4 in vixl::Simulator::LogRead (format=<optimized out>, reg_code=<optimized out>, address=<optimized out>, this=<optimized out>) at js/src/jit/arm64/vixl/Simulator-vixl.h:1203 #0 0x00000000009e3ec4 in vixl::Simulator::LogRead (format=<optimized out>, reg_code=<optimized out>, address=<optimized out>, this=<optimized out>) at js/src/jit/arm64/vixl/Simulator-vixl.h:1203 #1 vixl::Simulator::LoadStorePairHelper (this=0x7ffff5f3b000, instr=0x2c949e7cab7c, addrmode=<optimized out>) at js/src/jit/arm64/vixl/Simulator-vixl.cpp:1233 #2 0x000000000094eb88 in vixl::Decoder::VisitLoadStorePairPostIndex (this=<optimized out>, instr=0x2c949e7cab7c) at js/src/jit/arm64/vixl/Decoder-vixl.cpp:872 #3 0x00000000009d61d5 in vixl::Decoder::Decode (instr=<optimized out>, this=<optimized out>) at js/src/jit/arm64/vixl/Decoder-vixl.h:158 #4 vixl::Simulator::ExecuteInstruction (this=0x7ffff5f3b000) at js/src/jit/arm64/vixl/MozSimulator-vixl.cpp:195 #5 0x00000000009d882c in vixl::Simulator::Run (this=0x7ffff5f3b000) at js/src/jit/arm64/vixl/Simulator-vixl.cpp:70 #6 0x00000000009d669d in vixl::Simulator::RunFrom (first=0x2c949e7ca970, this=0x7ffff5f3b000) at js/src/jit/arm64/vixl/Simulator-vixl.cpp:78 #7 vixl::Simulator::call (this=0x7ffff5f3b000, entry=entry@entry=0x2c949e7ca970 "\376w\277\251\375\003", argument_count=argument_count@entry=8) at js/src/jit/arm64/vixl/MozSimulator-vixl.cpp:326 #8 0x000000000062425e in EnterBaseline (data=..., cx=0x7ffff5f16000) at js/src/jit/BaselineJIT.cpp:151 #9 js::jit::EnterBaselineAtBranch (cx=0x7ffff5f16000, fp=0x7ffff45730b0, pc=<optimized out>) at js/src/jit/BaselineJIT.cpp:226 #10 0x000000000056dc10 in Interpret (cx=0x7ffff5f16000, state=...) at js/src/vm/Interpreter.cpp:2037 [...] #20 0x0000000000442d2d in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at js/src/shell/js.cpp:9420 rax 0x0 0 rbx 0x7ffff5f3b000 140737319776256 rcx 0x797ff4c1fe90 133590474161808 rdx 0xffffffffffffffff -1 rsi 0x797ff4c1fe90 133590474161808 rdi 0x7ffff5f3b000 140737319776256 rbp 0x7fffffffcf10 140737488342800 rsp 0x7fffffffceb0 140737488342704 r8 0x0 0 r9 0x0 0 r10 0x1 1 r11 0x0 0 r12 0x8 8 r13 0x2c949e7cab7c 49016825752444 r14 0xa8c15ff8 2831245304 r15 0x80400000 2151677952 rip 0x9e3ec4 <vixl::Simulator::LoadStorePairHelper(vixl::Instruction const*, vixl::AddrMode)+2516> => 0x9e3ec4 <vixl::Simulator::LoadStorePairHelper(vixl::Instruction const*, vixl::AddrMode)+2516>: mov (%rcx),%rdx 0x9e3ec7 <vixl::Simulator::LoadStorePairHelper(vixl::Instruction const*, vixl::AddrMode)+2519>: jmpq 0x9e3b91 <vixl::Simulator::LoadStorePairHelper(vixl::Instruction const*, vixl::AddrMode)+1697> Another crash in ARM64 simulator with Debugger, possibly related to bug 1445992?

> Another crash in ARM64 simulator with Debugger, possibly related to bug 1445992? Yeah, we need to make some time available for digging into that.

Closing because no crash reported since 12 weeks.

Closing because no crash reported since 12 weeks.

This bug is related to ARM64 simulator support, reopening because it has no connection to crash reports.