<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link bz_status_NEW"
   title="NEW - WebAssembly: doesn't work with --useJIT=0"
   href="https://bugs.webkit.org/show_bug.cgi?id=168694#c1">Comment # 1</a>
              on <a class="bz_bug_link bz_status_NEW"
   title="NEW - WebAssembly: doesn't work with --useJIT=0"
   href="https://bugs.webkit.org/show_bug.cgi?id=168694">bug 168694</a>
              from <span class="vcard"><a class="email" href="mailto:sbarati&#64;apple.com" title="Saam Barati &lt;sbarati&#64;apple.com&gt;"> <span class="fn">Saam Barati</span></a>
</span></b>
        <pre>(In reply to <a href="show_bug.cgi?id=168694#c0">comment #0</a>)
<span class="quote">&gt; We get an assertion in repatchNearCall because there's an immediate that
&gt; doesn't fit. The problem is that without JIT the wasm code can't be linked
&gt; to trampolines because they don't exist.
&gt; 
&gt; Simple repro:
&gt;   (cd ./JSTests/wasm/ &amp;&amp; lldb ../../current-debug/bin/jsc -- -m
&gt; --useWebAssembly=1 ./js-api/wasm-to-wasm.js --useConcurrentJIT=0 --useJIT=0)
&gt; 
&gt; We probably want to JIT just those stubs when WebAssembly is used, even if
&gt; the JIT is disabled.
&gt; 
&gt; Backtrace:
&gt; 
&gt; 1   0x1013d3e9d WTFCrash
&gt; 2   0x100300839 JSC::X86Assembler::setRel32(void*, void*)
&gt; 3   0x1009cf43d JSC::X86Assembler::relinkCall(void*, void*)
&gt; 4   0x100e37731 JSC::AbstractMacroAssembler&lt;JSC::X86Assembler,
&gt; JSC::MacroAssemblerX86Common&gt;::repatchNearCall(JSC::CodeLocationNearCall,
&gt; JSC::CodeLocationLabel)
&gt; 5   0x100e3753f JSC::linkFor(JSC::ExecState*, JSC::CallLinkInfo&amp;,
&gt; JSC::CodeBlock*, JSC::JSFunction*, JSC::MacroAssemblerCodePtr)
&gt; 6   0x100e02ff6 operationLinkCall
&gt; ...
&gt; 
&gt; frame #1: 0x0000000100300839
&gt; JavaScriptCore`JSC::X86Assembler::setRel32(from=0x000039c74ec011be,
&gt; to=0x0000000100e58c6e) + 89 at X86Assembler.h:3123
&gt;    3120            static void setRel32(void* from, void* to)
&gt;    3121            {
&gt;    3122                intptr_t offset = reinterpret_cast&lt;intptr_t&gt;(to) -
&gt; reinterpret_cast&lt;intptr_t&gt;(from);
&gt; -&gt; 3123                ASSERT(offset == static_cast&lt;int32_t&gt;(offset));
&gt;    3124        
&gt;    3125                setInt32(from, offset);
&gt;    3126            }
&gt; (lldb) p/x from
&gt; (void *) $0 = 0x000039c74ec011be
&gt; (lldb) p/x to
&gt; (void *) $1 = 0x0000000100e58c6e
&gt; (lldb) p/x offset
&gt; (intptr_t) $2 = 0xffffc639b2257ab0</span>

Why would useJIT()=0 ever be valid with Wasm code? Seems like we should never allow running in that configuration since we're already relying on JITing for that call IC.</pre>
        </div>
      </p>
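The range check that fires in the quoted backtrace, as an added stand-alone C illustration (not code from the WebKit tree): it recomputes the displacement from the two addresses printed in the lldb session, shows why it cannot be encoded as a 32-bit near-call immediate, and pairs the debug-only ASSERT with a patcher that refuses out-of-range targets instead of truncating them. The constants, function names and 4-byte immediate buffer are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses taken from the lldb session quoted in the bug report. */
#define PATCH_SITE  0x000039c74ec011beULL   /* "from": the near call inside Wasm code */
#define CALL_TARGET 0x0000000100e58c6eULL   /* "to": the callee the call is linked to */

/* The raw 64-bit difference to - from, wrapping as two's complement.
 * Computed on unsigned values so the wrap is well defined in C. */
uint64_t rel32_raw_offset(uint64_t from, uint64_t to) {
    return to - from;
}

/* x86-64 near call/jmp instructions encode their target as a signed 32-bit
 * displacement, so the target must lie within +/-2 GiB of the patch site.
 * This is the condition that JSC::X86Assembler::setRel32 ASSERTs. */
bool rel32_fits(uint64_t from, uint64_t to, int32_t *disp) {
    uint64_t off = rel32_raw_offset(from, to);
    bool fits = off <= (uint64_t)INT32_MAX || off >= (uint64_t)(int64_t)INT32_MIN;
    if (fits && disp)
        *disp = (int32_t)(uint32_t)off;   /* the low 32 bits carry the sign */
    return fits;
}

/* Without the ASSERT (i.e. in a release build) the quoted code would reach
 * setInt32 with a truncated displacement. A defensive patcher reports
 * failure and leaves the instruction bytes untouched instead. */
bool patch_near_call(uint8_t disp_bytes[4], uint64_t from, uint64_t to) {
    int32_t disp;
    if (!rel32_fits(from, to, &disp))
        return false;                /* out of range: write nothing */
    for (int i = 0; i < 4; i++)      /* little-endian imm32, as the CPU decodes it */
        disp_bytes[i] = (uint8_t)((uint32_t)disp >> (8 * i));
    return true;
}

int main(void) {
    uint8_t imm[4] = {0};
    printf("offset        = 0x%016llx\n",
           (unsigned long long)rel32_raw_offset(PATCH_SITE, CALL_TARGET));
    printf("fits in rel32 = %s\n", rel32_fits(PATCH_SITE, CALL_TARGET, NULL) ? "yes" : "no");
    printf("patch applied = %s\n", patch_near_call(imm, PATCH_SITE, CALL_TARGET) ? "yes" : "no");
    return 0;
}
```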
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>