[Webkit-unassigned] [Bug 168694] WebAssembly: doesn't work with --useJIT=0
bugzilla-daemon at webkit.org
Tue Feb 21 18:10:56 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=168694
--- Comment #1 from Saam Barati <sbarati at apple.com> ---
(In reply to comment #0)
> We get an assertion in repatchNearCall because there's an immediate that
> doesn't fit. The problem is that without JIT the wasm code can't be linked
> to trampolines because they don't exist.
>
> Simple repro:
> (cd ./JSTests/wasm/ && lldb ../../current-debug/bin/jsc -- -m
> --useWebAssembly=1 ./js-api/wasm-to-wasm.js --useConcurrentJIT=0 --useJIT=0)
>
> We probably want to JIT just those stubs when WebAssembly is used, even if
> the JIT is disabled.
>
> Backtrace:
>
> 1 0x1013d3e9d WTFCrash
> 2 0x100300839 JSC::X86Assembler::setRel32(void*, void*)
> 3 0x1009cf43d JSC::X86Assembler::relinkCall(void*, void*)
> 4 0x100e37731 JSC::AbstractMacroAssembler<JSC::X86Assembler,
> JSC::MacroAssemblerX86Common>::repatchNearCall(JSC::CodeLocationNearCall,
> JSC::CodeLocationLabel)
> 5 0x100e3753f JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&,
> JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr)
> 6 0x100e02ff6 operationLinkCall
> ...
>
> frame #1: 0x0000000100300839
> JavaScriptCore`JSC::X86Assembler::setRel32(from=0x000039c74ec011be,
> to=0x0000000100e58c6e) + 89 at X86Assembler.h:3123
> 3120 static void setRel32(void* from, void* to)
> 3121 {
> 3122 intptr_t offset = reinterpret_cast<intptr_t>(to) -
> reinterpret_cast<intptr_t>(from);
> -> 3123 ASSERT(offset == static_cast<int32_t>(offset));
> 3124
> 3125 setInt32(from, offset);
> 3126 }
> (lldb) p/x from
> (void *) $0 = 0x000039c74ec011be
> (lldb) p/x to
> (void *) $1 = 0x0000000100e58c6e
> (lldb) p/x offset
> (intptr_t) $2 = 0xffffc639b2257ab0
Why would useJIT()=0 ever be valid with Wasm code? Seems like we should never allow running in that configuration since we're already relying on JITing for that call IC.
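The assertion in the quoted `setRel32` is a reachability check: an x86-64 near call encodes its target as a signed 32-bit displacement relative to the end of the instruction, so a target more than 2 GiB away cannot be encoded, and truncating the offset would silently redirect the call. The following C is an added example, not code from the bug report or from WebKit; the function names (`compute_rel32`, `patch_near_call`, the `demo_*` helpers) are assumptions chosen for illustration. It reproduces the arithmetic with the addresses from the lldb session above and shows a patcher that refuses to write an unreachable displacement instead of asserting or truncating.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of computing a rel32 displacement (hypothetical type). */
typedef struct {
    bool fits;      /* true when the displacement is representable as int32 */
    int64_t offset; /* full 64-bit displacement: to - from */
    int32_t rel32;  /* low 32 bits; only meaningful when fits is true */
} rel32_result;

/* Mirrors the check in the quoted setRel32: `from` is the address just past
 * the 4-byte displacement field (the end of the call instruction). Unsigned
 * subtraction wraps, so the cast yields the two's-complement displacement. */
rel32_result compute_rel32(uintptr_t from, uintptr_t to)
{
    rel32_result r;
    r.offset = (int64_t)(to - from);
    r.rel32 = (int32_t)r.offset;
    r.fits = ((int64_t)r.rel32 == r.offset);
    return r;
}

/* Patch the displacement field that ends at `field_end` so the call reaches
 * `target`. Returns false and leaves the code bytes untouched when the
 * target is out of rel32 range, rather than writing a truncated value. */
bool patch_near_call(uint8_t *field_end, uintptr_t target)
{
    rel32_result r = compute_rel32((uintptr_t)field_end, target);
    if (!r.fits)
        return false;
    memcpy(field_end - 4, &r.rel32, sizeof r.rel32); /* little-endian on x86 */
    return true;
}

/* The values from the quoted lldb session: from=0x000039c74ec011be,
 * to=0x0000000100e58c6e. Returns the computed result for inspection. */
rel32_result demo_bug_values(void)
{
    return compute_rel32((uintptr_t)0x000039c74ec011beULL,
                         (uintptr_t)0x0000000100e58c6eULL);
}

/* Constructed 5-byte `call rel32` (E8 xx xx xx xx) whose target lies 16
 * bytes past the instruction; returns the patched displacement or -1. */
int32_t demo_patch_reachable(void)
{
    uint8_t code[5] = { 0xE8, 0, 0, 0, 0 };
    uint8_t *end = code + sizeof code;
    if (!patch_near_call(end, (uintptr_t)end + 0x10))
        return -1;
    int32_t rel;
    memcpy(&rel, code + 1, sizeof rel);
    return rel;
}

/* Same instruction, target 4 GiB away: the patch must be refused and the
 * displacement bytes must stay zero. */
bool demo_patch_unreachable(void)
{
    uint8_t code[5] = { 0xE8, 0, 0, 0, 0 };
    uint8_t *end = code + sizeof code;
    bool patched = patch_near_call(end, (uintptr_t)end + 0x100000000ULL);
    bool untouched = (code[1] | code[2] | code[3] | code[4]) == 0;
    return !patched && untouched;
}

int main(void)
{
    rel32_result r = demo_bug_values();
    printf("offset=0x%016llx fits=%d\n", (unsigned long long)r.offset, r.fits);
    printf("reachable rel32=0x%x unreachable refused=%d\n",
           demo_patch_reachable(), demo_patch_unreachable());
    return 0;
}
```

Run as-is, the first line reports `offset=0xffffc639b2257ab0 fits=0`, which is exactly the value lldb printed for `offset` above; the displacement is about minus 57 TiB, far outside int32 range, so a release build that skipped the assertion would have written a garbage rel32. The defensive point is that a code patcher should treat an unreachable target as an error to be handled by the caller (here, by not linking at all), never as something to truncate.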