[webkit-changes] [WebKit/WebKit] 256a5b: [JSC] Fix AssemblyCommentRegistry when not using l...
jjgriego
noreply at github.com
Wed Oct 19 08:51:08 PDT 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 256a5b87fda903edfb2bf98dd7293122cc611b08
https://github.com/WebKit/WebKit/commit/256a5b87fda903edfb2bf98dd7293122cc611b08
Author: Joseph Griego <jgriego at igalia.com>
Date: 2022-10-19 (Wed, 19 Oct 2022)
Changed paths:
M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
Log Message:
-----------
[JSC] Fix AssemblyCommentRegistry when not using libpas jit heap
https://bugs.webkit.org/show_bug.cgi?id=246705
Reviewed by Yusuke Suzuki.
On e.g. armv7 linux where the libpas allocator is not used, the assertion
enforcing that comment registry regions are disjoint fails. Reproducing the
failure is easy:
./WebKitBuild/Debug/bin/jsc --dumpDisassembly=1 JSTests/stress/dfg-branch.js
This results in:
ASSERTION FAILED: newEnd <= thisStart || thisEnd <= newStart
../../Source/JavaScriptCore/assembler/AssemblyComments.h(63) : void JSC::AssemblyCommentRegistry::registerCodeRange(void*, void*, JSC::AssemblyCommentRegistry::CommentMap&&)
Aborted
This seems to be because the comment registry range for an executable region is
not unregistered when the memory region is released back to the allocator--this
code was added only for the libpas allocator. To fix it, we just need to also
unregister regions when using the non-libpas allocator.
* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:
Canonical link: https://commits.webkit.org/255735@main
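The failure mode the commit message describes, as an added example that is not WebKit's code: a hypothetical CommentRegistry that applies the same disjointness predicate the assertion above uses (newEnd <= thisStart || thisEnd <= newStart), paired with a toy pool that hands a freed region back at the same address. When the range is not unregistered on release, which the message says was the pre-fix behaviour on the non-libpas path, the stale entry makes the next registration of the recycled address overlap and the check fails; unregistering on release makes it pass. Every class, function and comment string here is an assumption for illustration, not JSC's API.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-in for JSC's AssemblyCommentRegistry (assumed, not WebKit code).
// Maps a registered code range to its comments and rejects any new range that
// overlaps a registered one, using the predicate from the failing assertion.
typedef std::map<uintptr_t, std::string> CommentMap;

class CommentRegistry {
public:
    // Returns false where JSC's ASSERT would abort: the new range
    // [newStart, newEnd) overlaps some registered range [thisStart, thisEnd).
    bool registerCodeRange(void* start, void* end, CommentMap comments)
    {
        uintptr_t newStart = reinterpret_cast<uintptr_t>(start);
        uintptr_t newEnd = reinterpret_cast<uintptr_t>(end);
        for (std::map<uintptr_t, Entry>::const_iterator it = m_ranges.begin(); it != m_ranges.end(); ++it) {
            uintptr_t thisStart = it->first;
            uintptr_t thisEnd = it->second.end;
            if (!(newEnd <= thisStart || thisEnd <= newStart))
                return false; // overlap: this is the condition the assertion enforces
        }
        Entry entry;
        entry.end = newEnd;
        entry.comments = comments;
        m_ranges[newStart] = entry;
        return true;
    }

    void unregisterCodeRange(void* start)
    {
        m_ranges.erase(reinterpret_cast<uintptr_t>(start));
    }

    size_t registeredCount() const { return m_ranges.size(); }

private:
    struct Entry {
        uintptr_t end;
        CommentMap comments;
    };
    std::map<uintptr_t, Entry> m_ranges;
};

// Toy executable-memory pool with a single region (assumed). A release followed
// by an allocate hands back the same address, which is what exposes a stale
// registry entry left behind by the previous owner of that memory.
class SingleRegionPool {
public:
    explicit SingleRegionPool(size_t size) : m_storage(size), m_inUse(false) {}
    void* allocate()
    {
        if (m_inUse)
            return 0;
        m_inUse = true;
        return m_storage.data();
    }
    void release(void* region)
    {
        if (region == static_cast<void*>(m_storage.data()))
            m_inUse = false;
    }
    size_t size() const { return m_storage.size(); }
private:
    std::vector<unsigned char> m_storage;
    bool m_inUse;
};

// Compiles twice into the same pool region. With unregisterOnRelease == false
// the first compile's range is still registered when the address is recycled,
// so the second registration is rejected as overlapping. Returns whether the
// second registration succeeded.
bool simulateRegionReuse(bool unregisterOnRelease)
{
    CommentRegistry registry;
    SingleRegionPool pool(256);

    unsigned char* first = static_cast<unsigned char*>(pool.allocate());
    CommentMap firstComments;
    firstComments[0] = "first compile: entry";
    if (!registry.registerCodeRange(first, first + pool.size(), firstComments))
        return false;

    if (unregisterOnRelease)
        registry.unregisterCodeRange(first);
    pool.release(first);

    unsigned char* second = static_cast<unsigned char*>(pool.allocate()); // same address as first
    CommentMap secondComments;
    secondComments[0] = "second compile: entry";
    return registry.registerCodeRange(second, second + pool.size(), secondComments);
}

// Sanity check that the predicate still admits genuinely disjoint ranges.
bool acceptsDisjointRanges()
{
    CommentRegistry registry;
    unsigned char buffer[64];
    CommentMap comments;
    return registry.registerCodeRange(buffer, buffer + 32, comments)
        && registry.registerCodeRange(buffer + 32, buffer + 64, comments)
        && registry.registeredCount() == 2;
}

int main()
{
    std::printf("without unregister on release: %s\n", simulateRegionReuse(false) ? "ok" : "overlap rejected");
    std::printf("with unregister on release:    %s\n", simulateRegionReuse(true) ? "ok" : "overlap rejected");
    return 0;
}
```

The registry returns false instead of aborting so the two paths can be compared in one run; in JSC the same overlap trips the ASSERTION FAILED shown above. The check a reviewer would want on the real fix is that every release path of the executable allocator, not only the libpas one, unregisters before the memory can be handed out again.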