[Webkit-unassigned] [Bug 168694] New: WebAssembly: doesn't with with --useJIT=0

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 21 17:00:03 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=168694

            Bug ID: 168694
           Summary: WebAssembly: doesn't with with --useJIT=0
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jfbastien at apple.com
                CC: fpizlo at apple.com, jfbastien at apple.com,
                    keith_miller at apple.com, mark.lam at apple.com,
                    msaboff at apple.com, sbarati at apple.com
            Blocks: 159775

We get an assertion in repatchNearCall because there's an immediate that doesn't fit. The problem is that without JIT the wasm code can't be linked to trampolines because they don't exist.

Simple repro:
  (cd ./JSTests/wasm/ && lldb ../../current-debug/bin/jsc -- -m --useWebAssembly=1 ./js-api/wasm-to-wasm.js --useConcurrentJIT=0 --useJIT=0)

We probably want to JIT just those stubs when WebAssembly is used, even if the JIT is disabled.

Backtrace:

1   0x1013d3e9d WTFCrash
2   0x100300839 JSC::X86Assembler::setRel32(void*, void*)
3   0x1009cf43d JSC::X86Assembler::relinkCall(void*, void*)
4   0x100e37731 JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::repatchNearCall(JSC::CodeLocationNearCall, JSC::CodeLocationLabel)
5   0x100e3753f JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr)
6   0x100e02ff6 operationLinkCall
...

frame #1: 0x0000000100300839 JavaScriptCore`JSC::X86Assembler::setRel32(from=0x000039c74ec011be, to=0x0000000100e58c6e) + 89 at X86Assembler.h:3123
   3120        static void setRel32(void* from, void* to)
   3121        {
   3122            intptr_t offset = reinterpret_cast<intptr_t>(to) - reinterpret_cast<intptr_t>(from);
-> 3123            ASSERT(offset == static_cast<int32_t>(offset));
   3124    
   3125            setInt32(from, offset);
   3126        }
(lldb) p/x from
(void *) $0 = 0x000039c74ec011be
(lldb) p/x to
(void *) $1 = 0x0000000100e58c6e
(lldb) p/x offset
(intptr_t) $2 = 0xffffc639b2257ab0

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170222/8fd0e357/attachment-0001.html>

More information about the webkit-unassigned mailing list