[webkit-reviews] review requested: [Bug 170215] WebAssembly: Air::Inst::generate crashes on large binary on A64 : [Attachment 308810] path
bugzilla-daemon at webkit.org
Tue May 2 02:08:57 PDT 2017
JF Bastien <jfbastien at apple.com> has asked for review:
Bug 170215: WebAssembly: Air::Inst::generate crashes on large binary on A64
https://bugs.webkit.org/show_bug.cgi?id=170215
Attachment 308810: path
https://bugs.webkit.org/attachment.cgi?id=308810&action=review
--- Comment #19 from JF Bastien <jfbastien at apple.com> ---
Created attachment 308810
--> https://bugs.webkit.org/attachment.cgi?id=308810&action=review
path
Address Fil's comments.
There's a new crash which I think comes after my latest rebase:
ASSERTION FAILED: m_allowScratchRegister
/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h(3830) : RegisterID JSC::MacroAssemblerARM64::getCachedDataTempRegisterIDAndInvalidate()
1 0x105771280 WTFCrash
2 0x1045fa30c JSC::MacroAssemblerARM64::getCachedDataTempRegisterIDAndInvalidate()
3 0x1045f6f0c JSC::MacroAssemblerARM64::call(JSC::AbstractMacroAssembler<JSC::ARM64Assembler, JSC::MacroAssemblerARM64>::Address)
4 0x1045f6cb0 JSC::B3::Air::CCallSpecial::generate(JSC::B3::Air::Inst&, JSC::CCallHelpers&, JSC::B3::Air::GenerationContext&)
5 0x10468ecb0 JSC::B3::Air::PatchCustom::generate(JSC::B3::Air::Inst&, JSC::CCallHelpers&, JSC::B3::Air::GenerationContext&)
6 0x104686c94 JSC::B3::Air::Inst::generate(JSC::CCallHelpers&, JSC::B3::Air::GenerationContext&)
7 0x10463d228 JSC::B3::Air::generate(JSC::B3::Air::Code&, JSC::CCallHelpers&)
8 0x104765400 JSC::B3::generate(JSC::B3::Procedure&, JSC::CCallHelpers&)
9 0x105625368 JSC::Wasm::parseAndCompile(JSC::Wasm::CompilationContext&, unsigned char const*, unsigned long, JSC::Wasm::Signature const&, WTF::Vector<JSC::Wasm::UnlinkedWasmToWasmCall, 0ul, WTF::CrashOnOverflow, 16ul>&, JSC::Wasm::ModuleInformation const&, JSC::Wasm::MemoryMode, JSC::Wasm::CompilationMode, unsigned int, JSC::Wasm::TierUpCount*)
10 0x1047294f4 JSC::Wasm::BBQPlan::compileFunctions(JSC::Wasm::Plan::CompilationEffort)
I think it's similar to what I'm fixing here, but may be separate and fixable
as a follow-up. I'll send repro instructions.