[Webkit-unassigned] [Bug 273120] New: REGRESSION(277770 at main): [WASM][Debug] ASSERTION FAILED: v <= 0

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 23 04:26:00 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=273120

            Bug ID: 273120
           Summary: REGRESSION(277770 at main): [WASM][Debug] ASSERTION
                    FAILED: v <= 0
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: vitaly at igalia.com

Stack trace:
```
#0  WTFCrash() () at /home/vitaly/WebKit/Source/WTF/wtf/Assertions.cpp:353
#1  0x00007fda14f9b4f2 in WTFCrashWithInfo(int, char const*, char const*, int) () at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/Assertions.h:862
#2  0x00007fda163a1d44 in WTF::negate<int>(int) (v=1) at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/MathExtras.h:787
#3  0x00007fda16edf1de in JSC::MacroAssemblerX86Common::sub32(JSC::X86Registers::RegisterID, JSC::AbstractMacroAssembler<JSC::X86Assembler>::TrustedImm32, JSC::X86Registers::RegisterID) (this=0x7fffa80b1630, src=JSC::X86Registers::esi, imm=..., dest=JSC::X86Registers::eax) at /home/vitaly/WebKit/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:908
#4  0x00007fda1738b4c0 in JSC::MacroAssembler::sub32(JSC::X86Registers::RegisterID, JSC::AbstractMacroAssembler<JSC::X86Assembler>::Imm32, JSC::X86Registers::RegisterID) (this=0x7fffa80b1630, src=JSC::X86Registers::esi, imm=..., dest=JSC::X86Registers::eax) at /home/vitaly/WebKit/Source/JavaScriptCore/assembler/MacroAssembler.h:2167
#5  0x00007fda173a3bf0 in JSC::Yarr::YarrGenerator<JSC::Yarr::YarrJITDefaultRegisters>::generate() (this=0x7fffa80b1770) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:2752
#6  0x00007fda17398607 in JSC::Yarr::YarrGenerator<JSC::Yarr::YarrJITDefaultRegisters>::compile(JSC::Yarr::YarrCodeBlock&) (this=0x7fffa80b1770, codeBlock=...) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:4786
#7  0x00007fda17394a72 in JSC::Yarr::jitCompile(JSC::Yarr::YarrPattern&, WTF::StringView, JSC::Yarr::CharSize, std::optional<WTF::StringView>, JSC::VM*, JSC::Yarr::YarrCodeBlock&, JSC::Yarr::JITCompileMode) (pattern=..., patternString=..., charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}, vm=0x7fd9a9400000, codeBlock=..., mode=JSC::Yarr::JITCompileMode::IncludeSubpatterns) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:5351
#8  0x00007fda16d4e448 in JSC::RegExp::compile(JSC::VM*, JSC::Yarr::CharSize, std::optional<WTF::StringView>) (this=0x7fda032e9498, vm=0x7fd9a9400000, charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExp.cpp:258
#9  0x00007fda15bc1219 in JSC::RegExp::compileIfNecessary(JSC::VM&, JSC::Yarr::CharSize, std::optional<WTF::StringView>) (this=0x7fda032e9498, vm=..., charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpInlines.h:103
#10 0x00007fda16d558ad in JSC::RegExp::matchInline<WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, (JSC::Yarr::MatchFrom)0>(JSC::JSGlobalObject*, JSC::VM&, WTF::String const&, unsigned int, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) (this=0x7fda032e9498, nullOrGlobalObject=0x7fd9a9159088, vm=..., s=..., startOffset=0, ovector=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpInlines.h:114
#11 0x00007fda16d4e615 in JSC::RegExp::match(JSC::JSGlobalObject*, WTF::String const&, unsigned int, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) (this=0x7fda032e9498, globalObject=0x7fd9a9159088, s=..., startOffset=0, ovector=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExp.cpp:281
#12 0x00007fda16d60838 in JSC::RegExpGlobalData::performMatch(JSC::JSGlobalObject*, JSC::RegExp*, JSC::JSString*, WTF::String const&, int, int**) (this=0x7fd9a91598a8, owner=0x7fd9a9159088, regExp=0x7fda032e9498, string=0x7fd9a93301a0, input=..., startOffset=0, ovector=0x7fffa80b4ea8) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpGlobalDataInlines.h:56
#13 0x00007fda16da6b03 in JSC::replaceUsingRegExpSearch(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*, JSC::JSValue, JSC::CallData const&, WTF::String&, JSC::JSValue) (vm=..., globalObject=0x7fd9a9159088, string=0x7fd9a93301a0, searchValue=..., callData=..., replacementString=..., replaceValue=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:659
#14 0x00007fda16da85aa in JSC::replaceUsingRegExpSearch(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*, JSC::JSValue, JSC::JSValue) (vm=..., globalObject=0x7fd9a9159088, string=0x7fd9a93301a0, searchValue=..., replaceValue=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:819
#15 0x00007fda16da93c0 in JSC::stringProtoFuncReplaceUsingRegExp(JSC::JSGlobalObject*, JSC::CallFrame*) (globalObject=0x7fd9a9159088, callFrame=0x7fffa80b53d0) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:906
#16 0x00007fd8a7e0c038 in  ()
#17 0x00007fffa80b5480 in  ()
#18 0x00007fda14f558fa in op_call_return_location () at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/lib/libjavascriptcoregtk-6.0.so.1
```

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240423/3ac8422d/attachment.htm>


More information about the webkit-unassigned mailing list