[Webkit-unassigned] [Bug 103146] ARMv7 replaceWithJump ASSERT failure after r135330.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 13 07:45:52 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=103146


Zoltan Herczeg <zherczeg at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zherczeg at webkit.org




--- Comment #5 from Zoltan Herczeg <zherczeg at webkit.org>  2013-03-13 07:48:16 PST ---
Hey Filip,

It seems many systems are plagued by this issue, and we need some help to fix it. The issue is that replaceWithJump() always uses linkJumpT4(), which is limited to a 4 byte long instruction space. Instead we need something like linkJumpAbsolute(), with a 10 byte long space for doing a jump. I don't really understand why the linkJump* functions use instruction indexes below zero. Is it safe to use 5 instructions in replaceWithJump?

This is the backtrace. It is clear that target - instruction is bigger than the allowed 24 bit difference:

#0 0x000675f4 in JSC::ARMv7Assembler::linkJumpT4 (instruction=0xb4902a76, target=0xb6fd3f80)
at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/ARMv7Assembler.h:2521
#1 0x00199174 in JSC::ARMv7Assembler::replaceWithJump (instructionStart=0xb4902a72, to=0xb6fd3f80)
at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/ARMv7Assembler.h:2165
#2 0x001995b2 in JSC::MacroAssemblerARMv7::replaceWithJump (instructionStart=..., destination=...)
at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:1230
#3 0x0019b098 in JSC::RepatchBuffer::replaceWithJump (this=0xbeffea48, instructionStart=..., destination=...)
at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/RepatchBuffer.h:156
#4 0x0020d074 in JSC::JIT::privateCompileClosureCall (this=0xbeffeb40, callLinkInfo=0x7be514, calleeCodeBlock=0x7b9940, expectedStructure=0xb493f878,
expectedExecutable=0xb42b8d78, codePtr=...) at /home/rgabor/commit/DFG/Source/JavaScriptCore/jit/JITCall32_64.cpp:348
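The range check and the two jump shapes the comment contrasts, as an added example in plain C that is not WebKit's code: fits_jump_t4, encode_absolute_jump and jump_bytes_needed are hypothetical helpers modelled on the linkJumpT4()/linkJumpAbsolute() behaviour described above, and the addresses used below are the ones from the backtrace.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Thumb-2 B.W (encoding T4) stores a 24-bit immediate that is implicitly
 * halfword aligned, so the reachable displacement from PC (start + 4) is a
 * signed 25-bit byte offset: -16 MiB .. +16 MiB - 2.
 * `instruction` is the start address of the 4-byte B.W being patched. */
static bool fits_jump_t4(uint32_t instruction, uint32_t target)
{
    int32_t relative = (int32_t)(target - (instruction + 4));
    if (relative & 1)               /* Thumb targets must be halfword aligned */
        return false;
    return relative >= -(1 << 24) && relative <= (1 << 24) - 2;
}

/* The 10-byte absolute form: MOVW ip,#lo16 ; MOVT ip,#hi16 ; BX ip
 * (two 4-byte MOVW/MOVT plus a 2-byte BX). Encoding T3 splits the 16-bit
 * immediate into imm4:i:imm3:imm8. ip is r12. */
#define SCRATCH_IP 12u

static void encode_mov16(uint16_t out[2], uint16_t opcode_hw1, uint16_t imm16, unsigned rd)
{
    unsigned imm4 = (imm16 >> 12) & 0xF, i = (imm16 >> 11) & 1;
    unsigned imm3 = (imm16 >> 8) & 0x7, imm8 = imm16 & 0xFF;
    out[0] = (uint16_t)(opcode_hw1 | (i << 10) | imm4);
    out[1] = (uint16_t)((imm3 << 12) | (rd << 8) | imm8);
}

/* Writes 5 halfwords (10 bytes) into out and returns the byte count.
 * BX uses bit 0 of the register to select Thumb state, so it is set here. */
static size_t encode_absolute_jump(uint16_t out[5], uint32_t target)
{
    uint32_t thumb_target = target | 1u;
    encode_mov16(&out[0], 0xF240, (uint16_t)(thumb_target & 0xFFFF), SCRATCH_IP); /* MOVW */
    encode_mov16(&out[2], 0xF2C0, (uint16_t)(thumb_target >> 16), SCRATCH_IP);    /* MOVT */
    out[4] = (uint16_t)(0x4700 | (SCRATCH_IP << 3));                                /* BX ip */
    return 10;
}

/* Instruction space a replaceWithJump() needs for this pair of addresses:
 * 4 bytes when a relative B.W reaches, otherwise 10 for MOVW/MOVT/BX. */
static size_t jump_bytes_needed(uint32_t instruction, uint32_t target)
{
    return fits_jump_t4(instruction, target) ? 4 : 10;
}
```

For the backtrace's pair (instructionStart 0xb4902a72, to 0xb6fd3f80) the displacement is about 38.8 MiB, so only the 10-byte form reaches.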
