[Webkit-unassigned] [Bug 246705] New: [JSC] AssemblyComents.h assertion failure when not using libpas allocator

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 18 12:53:33 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=246705

            Bug ID: 246705
           Summary: [JSC] AssemblyComents.h assertion failure when not
                    using libpas allocator
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jgriego at igalia.com

As title. On e.g. armv7 linux where the libpas allocator is not used, using a debug build, the following reproduces the failure:

     ./WebKitBuild/Debug/bin/jsc --dumpDisassembly=1 JSTests/stress/dfg-branch.js

ASSERTION FAILED: newEnd <= thisStart || thisEnd <= newStart
../../Source/JavaScriptCore/assembler/AssemblyComments.h(63) : void JSC::AssemblyCommentRegistry::registerCodeRange(void*, void*, JSC::AssemblyCommentRegistry::CommentMap&&)
Aborted

This seems to be because the comment registry range for a executable region is not unregistered when the memory reason is released back to the allocator--patch forthcoming

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221018/92cafa50/attachment-0001.htm>

More information about the webkit-unassigned mailing list