[Webkit-unassigned] [Bug 210685] REGRESSION(r251875): Crash in JSC::StructureIDTable::get on ppc64le: gcSafeMemcpy broken on JSVALUE64 platforms other than x86_64 and aarch64

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 7 10:29:56 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=210685

--- Comment #28 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Comment on attachment 398740
  --> https://bugs.webkit.org/attachment.cgi?id=398740
Patch to fix the regression

View in context: https://bugs.webkit.org/attachment.cgi?id=398740&action=review

If you have a git checkout, please run Tools/Scripts/prepare-ChangeLog -b 210685 to prepare the patch for Bugzilla. If you're working from a tarball, it's probably easiest for me to do that for you.

> Source/JavaScriptCore/heap/GCMemoryOperations.h:57
> +    if (bytes <= smallCutoff || (!isARM64() && !isX86_64()))
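
Review bot: the architecture test at the end of this condition, `(!isARM64() && !isX86_64())`, shares one `if` with the unrelated size check `bytes <= smallCutoff`, and nothing on the line says why every other CPU has to take the same branch as a small copy. A short comment above the `if` pointing at this bug (210685, gcSafeMemcpy broken on JSVALUE64 platforms other than x86_64 and aarch64) would keep a later cleanup from dropping the second half of the condition.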

Probably best to use build guards here rather than runtime guards.

What I would do in your patch is: not touch this line, keep the call to slowPathForwardMemcpy() below, remove the RELEASE_ASSERT(isX86_64()), and then add another #else that also calls slowPathForwardMemcpy() when this second #if CPU(X86_64) branch is not taken. Sound good? That results in a confusing mess, but importantly it would be parallel to the confusing mess in the other two functions, below, both of which duplicate the fallback path first for non-x86_64/aarch64 and then again for non-GCC/clang.

Then I can follow up with a patch to change the guards so that we don't need to write the fallback case twice in a row at the bottom of the function.
