[Webkit-unassigned] [Bug 116853] ASSERTION FAILED: low in JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 3 17:26:03 PDT 2013


Mark Lam <mark.lam at apple.com> changed:

           What    |Removed                     |Added
                 CC|                            |mark.lam at apple.com

--- Comment #3 from Mark Lam <mark.lam at apple.com>  2013-06-03 17:24:35 PST ---
Here's some data from the site of the assertion failure for this test case:

1. The assertion is in UnlinkedCodeBlock::expressionRangeForBytecodeOffset() which does a binary search of the m_expressionInfo Vector to find the range that the bytecodeOffset resides in.
2. The specified bytecodeOffset in this case is 4.
3. The m_expressionInfo Vector only has 1 entry:

(gdb) p expressionInfo.size()
$2 = 1
(gdb) p expressionInfo[0].instructionOffset
$4 = 19

The binary search in (1) starts with low = 0, and high = expressionInfo.size() i.e. 1.  Since the one entry in the Vector has an instructionOffset that exceeds the bytecodeOffset, it makes sense that the resultant low value is 0.

It looks like the assertion is invalid.  When the assertion is commented out, the reported line and column number in the stack trace is also correct.

I need to do a little bit more due diligence to check how expressionInfo is generated and see if there's any reason why the expressionRangeForBytecodeOffset() should not get the 0th entry in that Vector.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list