[Webkit-unassigned] [Bug 28317] Assertion being hit on layout tests in debug build

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 18 19:03:53 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=28317





--- Comment #9 from Gavin Barraclough <barraclough at apple.com>  2009-08-18 19:03:53 PDT ---
(From update of attachment 35036)
(In reply to comment #7)
> It seems that differenceBetween(coldPathBegin, call) varies between 35 and 41
> :S
> 
> if isMethodCheck == True
>   patchOffsetGetByIdSlowCaseCall == 41
> else
>   patchOffsetGetByIdSlowCaseCall == 35

Hi Priit,

This value shouldn't be varying, the fix here will not be to just change the
constant, since this will then fail if isMethodCheck is true.  This patch will
break x86-64 on OS X, so please not not land this change.


The code generated should look something like this:

// stubCall.addArgument(regT0);
0x5548490019a9:    mov    %rax,0x8(%rsp)
    ^ 5 bytes

// stubCall.addArgument(ImmPtr(ident));
0x5548490019ae:    mov    $0x100627c90,%r11
0x5548490019b8:    mov    %r11,0x10(%rsp)
    ^ 20 bytes (5 + 15)

// Call call = stubCall.call(resultVReg);
0x5548490019bd:    mov    %rsp,%rdi
0x5548490019c0:    mov    %r13,0x58(%rsp)
0x5548490019c5:    mov    $0x10010c7c4,%r11
0x5548490019cf:    callq  *%r11
    ^ 41 bytes (5 + 15 + 21)
0x5548490019d2:    mov    %rax,0x0(%r13)
    ^ 45 bytes (5 + 15 + 21 + 4)

The offset of 41 is the offset to the end of the call instruction planted by
the call to 'stubCall.call'.

I'd suggest you try replacing:
    ASSERT(differenceBetween(coldPathBegin, call) ==
patchOffsetGetByIdSlowCaseCall);
with:
    if (differenceBetween(coldPathBegin, call) !=
patchOffsetGetByIdSlowCaseCall) breakpoint();
on line 1260 of JITPropertyAccess.cpp, then run a failing test under gdb.

You should hit the breakpoint, and then be able to grab from memory the
instructions that are actually being generated - then we can hopefully work out
what what the underlying problem is.

cheers,
G.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list