[Webkit-unassigned] [Bug 169794] New: WebAssembly: spec-tests/memory.wast.js fails in debug
bugzilla-daemon at webkit.org
Thu Mar 16 15:36:52 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=169794
Bug ID: 169794
Summary: WebAssembly: spec-tests/memory.wast.js fails in debug
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jfbastien at apple.com
CC: fpizlo at apple.com, jfbastien at apple.com,
keith_miller at apple.com, mark.lam at apple.com,
msaboff at apple.com, sbarati at apple.com
Blocks: 159775

Looks related to Signaling versus BoundsChecking when calling current_memory.

(cd ./JSTests/wasm/ && ../../current-debug/bin/jsc -m --useWebAssembly=1 ./spec-tests/memory.wast.js); echo $?
ASSERTION FAILED: wasmFunction->instance()->codeBlock()->isSafeToRun(wasmFunction->instance()->memory())
../Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp(60) : EncodedJSValue JSC::callWebAssemblyFunction(JSC::ExecState *)
1 0x108d2bd7d WTFCrash
2 0x108c3e190 JSC::callWebAssemblyFunction(JSC::ExecState*)
3 0x10878ce8a JSC::LLInt::handleHostCall(JSC::ExecState*, JSC::Instruction*, JSC::JSValue, JSC::CodeSpecializationKind)
4 0x1087890bd JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)
5 0x108788383 JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind)
6 0x108788273 llint_slow_path_call
7 0x108795ba9 llint_entry
8 0x1087959cf llint_entry
9 0x1087959cf llint_entry
10 0x10878e29e vmEntryToJavaScript
11 0x108723aee JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
12 0x1086d99ad JSC::Interpreter::execute(JSC::ModuleProgramExecutable*, JSC::ExecState*, JSC::JSModuleEnvironment*)
13 0x1089fee5c JSC::JSModuleRecord::evaluate(JSC::ExecState*)
14 0x1089f677e JSC::JSModuleLoader::evaluate(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue)
15 0x108a8f7d1 JSC::moduleLoaderPrototypeEvaluate(JSC::ExecState*)
16 0x445c14801028
17 0x1087959cf llint_entry
18 0x1087959cf llint_entry
19 0x1087959cf llint_entry
20 0x10878e29e vmEntryToJavaScript
21 0x108723aee JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
22 0x1086d81d2 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
23 0x1088eede8 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
24 0x1088ef05a JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
25 0x1089f0eb8 JSC::JSJobMicrotask::run(JSC::ExecState*)
26 0x108b56243 JSC::QueuedTask::run()
27 0x108b55e77 JSC::VM::drainMicrotasks()
28 0x10780b430 runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::String const&, bool, bool, bool)
29 0x1077cfcdf jscmain(int, char**)::$_9::operator()(JSC::VM&, GlobalObject*) const
30 0x1077c2e82 int runJSC<jscmain(int, char**)::$_9>(CommandLine, jscmain(int, char**)::$_9 const&)
31 0x1077c1b18 jscmain(int, char**)
139

The failing spec tests do the following:

(module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
(assert_return (invoke "memsize") (i32.const 0))
(module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
(assert_return (invoke "memsize") (i32.const 0))
(module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
(assert_return (invoke "memsize") (i32.const 1))