103146 2012-11-23 08:16:33 -0800 ARMv7 replaceWithJump ASSERT failure after r135330. 2013-03-21 11:17:32 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Other Linux RESOLVED FIXED P2 Normal --- 108645 102662 103747 1 kilvadyb webkit-unassigned allan.jensen barraclough cgarcia ctruta fpizlo fu galpeter gergely noam oliver ossy palfia rgabor webkit.review.bot xan.lopez zherczeg oldest_to_newest 774573 0 kilvadyb 2012-11-23 08:16:33 -0800 Running v8 test v7 with jsc in debug mode on our ARMv7 board I received this ASSERT failure: Starting program: /data/kilvadyb/webkit-arm/webkit/WebKitBuild/Debug/bin/jsc run.js [Thread debugging using libthread_db enabled] [New Thread 0x42dc4400 (LWP 1111)] Richards: 161 DeltaBlue: 21.8 Crypto: 110 RayTrace: 101 ASSERTION FAILED: canBeJumpT4(instruction, target) /data/kilvadyb/webkit-arm/webkit/Source/JavaScriptCore/assembler/ARMv7Assembler.h(2475) : static void JSC::ARMv7Assembler::linkJumpT4(uint16_t*, void*) Program received signal SIGSEGV, Segmentation fault. 0x4040b38c in JSC::ARMv7Assembler::linkJumpT4 (instruction=0x455695f6, target=0x43599dc0) at /data/kilvadyb/webkit-arm/webkit/Source/JavaScriptCore/assembler/ARMv7Assembler.h:2475 2475 ASSERT(canBeJumpT4(instruction, target)); (gdb) I had similar problem on MIPS where a replaceWithJump would be easier to implement with direct jump instead of jump via register. 774718 1 fpizlo 2012-11-23 15:23:20 -0800 (In reply to comment #0) > Running v8 test v7 with jsc in debug mode on our ARMv7 board I received this ASSERT failure: > > Starting program: /data/kilvadyb/webkit-arm/webkit/WebKitBuild/Debug/bin/jsc run.js > [Thread debugging using libthread_db enabled] > [New Thread 0x42dc4400 (LWP 1111)] > Richards: 161 > DeltaBlue: 21.8 > Crypto: 110 > RayTrace: 101 > ASSERTION FAILED: canBeJumpT4(instruction, target) > /data/kilvadyb/webkit-arm/webkit/Source/JavaScriptCore/assembler/ARMv7Assembler.h(2475) : static void JSC::ARMv7Assembler::linkJumpT4(uint16_t*, void*) > > Program received signal SIGSEGV, Segmentation fault. > 0x4040b38c in JSC::ARMv7Assembler::linkJumpT4 (instruction=0x455695f6, target=0x43599dc0) > at /data/kilvadyb/webkit-arm/webkit/Source/JavaScriptCore/assembler/ARMv7Assembler.h:2475 > 2475 ASSERT(canBeJumpT4(instruction, target)); > (gdb) > > I had similar problem on MIPS where a replaceWithJump would be easier to implement with direct jump instead of jump via register. Actually, it looks like that assert is just wrong. I'll look more in a bit. 774822 2 kilvadyb 2012-11-24 07:06:30 -0800 (In reply to comment #1) > (In reply to comment #0) > > Running v8 test v7 with jsc in debug mode on our ARMv7 board I received this ASSERT failure: > > > > Starting program: /data/kilvadyb/webkit-arm/webkit/WebKitBuild/Debug/bin/jsc run.js > > [Thread debugging using libthread_db enabled] > > [New Thread 0x42dc4400 (LWP 1111)] > > Richards: 161 > > DeltaBlue: 21.8 > > Crypto: 110 > > RayTrace: 101 > > ASSERTION FAILED: canBeJumpT4(instruction, target) > > /data/kilvadyb/webkit-arm/webkit/Source/JavaScriptCore/assembler/ARMv7Assembler.h(2475) : static void JSC::ARMv7Assembler::linkJumpT4(uint16_t*, void*) > > > > Program received signal SIGSEGV, Segmentation fault. > > 0x4040b38c in JSC::ARMv7Assembler::linkJumpT4 (instruction=0x455695f6, target=0x43599dc0) > > at /data/kilvadyb/webkit-arm/webkit/Source/JavaScriptCore/assembler/ARMv7Assembler.h:2475 > > 2475 ASSERT(canBeJumpT4(instruction, target)); > > (gdb) > > > > I had similar problem on MIPS where a replaceWithJump would be easier to implement with direct jump instead of jump via register. > > Actually, it looks like that assert is just wrong. I'll look more in a bit. Thank you for checking it. On MIPS I have this problem (at exactly the same test step) when the "jump to a direct address" one word (4 bytes) instruction has boundaries and the target address of the jump is out of these boundaries. I guess the same happens on ARM when the target range of T4 type jump is not enough. On MIPS I could use target -> register jump via register but it would take 4 word (4 bytes == word) instructions so replaceWithJump might overwrite some useful already generated instructions and it would cause problems when replace-jump code should be reverted. I could solve it only with using nop instruction words to make place the 4 words replace-jump to make it possible to revert. On MIPS the usually replaced/overwritten code: lui t0, 0xXXXX ori t0, t0, 0xYYYY bne t0, t4, address nop (The same usually replaced code on ARM: movw r12, YYYY movt r12, XXXX cmp r12, rN bne address ) and the jump via register: lui t0, 0xXXXX ori t0, t0, 0xXXXX jr t0 nop ; necessary in "jump/branch slot". So this kind of jump replacement overwrites the "bne reg1, reg0, address" instruction and address value would be lost. 843975 3 xan.lopez 2013-02-28 04:21:53 -0800 (In reply to comment #1) > (In reply to comment #0) > > Running v8 test v7 with jsc in debug mode on our ARMv7 board I received this ASSERT failure: > > > > Starting program: /data/kilvadyb/webkit-arm/webkit/WebKitBuild/Debug/bin/jsc run.js > > Actually, it looks like that assert is just wrong. I'll look more in a bit. I get exactly the same behavior by reverting the entire patch or commenting that single ASSERT, so indeed it seems we are ASSERTing the wrong thing in there. 853198 4 rgabor 2013-03-12 01:53:03 -0700 Is there any progress on this? 854291 5 zherczeg 2013-03-13 07:48:16 -0700 Hey Filip, it seems many systems are plagued by this issue, and we need some help to fix it. The issue is that replaceWithJump() always use linkJumpT4(), which is limited to 4 byte long instruction space. Instead we need something like in linkJumpAbsolute() 10 byte long space area for doing a jump. I don't really understand why linkJump* functions uses instruction indexes below zero. Is it safe to use 5 instructions in replaceWithJump? This is the backtrace. It is clear that target-instruction is bigger than the allowed 24 bit difference: #0 0x000675f4 in JSC::ARMv7Assembler::linkJumpT4 (instruction=0xb4902a76, target=0xb6fd3f80) at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/ARMv7Assembler.h:2521 #1 0x00199174 in JSC::ARMv7Assembler::replaceWithJump (instructionStart=0xb4902a72, to=0xb6fd3f80) at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/ARMv7Assembler.h:2165 #2 0x001995b2 in JSC::MacroAssemblerARMv7::replaceWithJump (instructionStart=..., destination=...) at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:1230 #3 0x0019b098 in JSC::RepatchBuffer::replaceWithJump (this=0xbeffea48, instructionStart=..., destination=...) at /home/rgabor/commit/DFG/Source/JavaScriptCore/assembler/RepatchBuffer.h:156 #4 0x0020d074 in JSC::JIT::privateCompileClosureCall (this=0xbeffeb40, callLinkInfo=0x7be514, calleeCodeBlock=0x7b9940, expectedStructure=0xb493f878, expectedExecutable=0xb42b8d78, codePtr=...) at /home/rgabor/commit/DFG/Source/JavaScriptCore/jit/JITCall32_64.cpp:348 857108 6 193562 zherczeg 2013-03-18 07:45:46 -0700 Created attachment 193562 patch for ARMv7 857273 7 ossy 2013-03-18 10:30:08 -0700 *** Bug 111704 has been marked as a duplicate of this bug. *** 857281 8 ossy 2013-03-18 10:33:50 -0700 (In reply to comment #6) > Created an attachment (id=193562) [details] > patch for ARMv7 It fixes the inspector crashes mentioned in https://bugs.webkit.org/show_bug.cgi?id=111704: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/8083 859468 9 kilvadyb 2013-03-20 09:02:16 -0700 *** Bug 112816 has been marked as a duplicate of this bug. *** 859757 10 zherczeg 2013-03-20 14:48:00 -0700 I would be grateful if somebody would review this patch. Thanks. 859762 11 xan.lopez 2013-03-20 14:56:40 -0700 (In reply to comment #10) > I would be grateful if somebody would review this patch. Thanks. FWIW I was seeing this crash in QNX, not Linux, so I suspect the fix should be more generic. 859775 12 193562 webkit.review.bot 2013-03-20 15:09:46 -0700 Comment on attachment 193562 patch for ARMv7 Clearing flags on attachment: 193562 Committed r146396: <http://trac.webkit.org/changeset/146396> 859776 13 webkit.review.bot 2013-03-20 15:09:53 -0700 All reviewed patches have been landed. Closing bug. 859992 14 zherczeg 2013-03-20 20:58:54 -0700 > FWIW I was seeing this crash in QNX, not Linux, so I suspect the fix should be more generic. Did you try the patch? Does it fix your platform? If so, we can make it more generic by adding your OS to the list. 860028 15 fpizlo 2013-03-20 22:15:19 -0700 (In reply to comment #14) > > FWIW I was seeing this crash in QNX, not Linux, so I suspect the fix should be more generic. > > Did you try the patch? Does it fix your platform? If so, we can make it more generic by adding your OS to the list. I think that the reason why you guys are seeing this badness is that you're using the ExecutableAllocator and not ExecutableAllocatorFixedVMPool, or whatever it is called. We used the FixedVMPool on both X86_64 and ARMv7. We do it for two simple reasons: - About ~16MB is more than enough, since JSC only JITs things when it absolutely needs to. - Having all JIT memory within a confined pool means that we can consistently use compact jumps. Maybe the right thing for y'all is to switch to using the fixed VM pool? Maybe the right thing for the project is to switch *everything* over to the fixed pool, including x86-32, so we can simplify the code and all share the invariant that for a given JSGlobalData, any two slabs of JIT code will always be within a small enough distance from each other that a relatively compact jump can be emitted? (Note that for example the choice of 16MB on ARMv7, and 1GB on X86_64, is a direct consequent of the largest jumpable distance using a single jump instruction, on those platforms.) 860200 16 zherczeg 2013-03-21 04:15:21 -0700 > Maybe the right thing for y'all is to switch to using the fixed VM pool? I have no objections. We will try this pool in due course, and let you know whether it works. 860228 17 xan.lopez 2013-03-21 05:02:48 -0700 (In reply to comment #14) > > FWIW I was seeing this crash in QNX, not Linux, so I suspect the fix should be more generic. > > Did you try the patch? Does it fix your platform? If so, we can make it more generic by adding your OS to the list. Nope, I haven't, but if I read it right most of the changes are guarded by OS(LINUX) stuff. I guess maybe the nowp() thing should work, since is the only generic change? Anyway I'll try to test it ASAP. 860482 18 ctruta 2013-03-21 11:17:32 -0700 (In reply to comment #17) > > Did you try the patch? Does it fix your platform? If so, we can make it more generic by adding your OS to the list. > > Nope, I haven't, but if I read it right most of the changes are guarded by OS(LINUX) stuff. I guess maybe the nowp() thing should work, since is the only generic change? Anyway I'll try to test it ASAP. Indeed, I added OS(QNX) besides OS(LINUX), and that solved the problem. See bug 112863. 193562 2013-03-18 07:45:46 -0700 2013-03-20 15:09:45 -0700 patch for ARMv7 arm.patch text/plain 5693 zherczeg ZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvSmF2 YVNjcmlwdENvcmUvQ2hhbmdlTG9nCmluZGV4IGFmMzY0OTAuLjkwMWMyYjUgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL0phdmFTY3JpcHRD b3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI0IEBACisyMDEzLTAzLTE4ICBab2x0YW4gSGVyY3pl ZyAgPHpoZXJjemVnQHdlYmtpdC5vcmc+CisKKyAgICAgICAgQVJNdjcgcmVwbGFjZVdpdGhKdW1w IEFTU0VSVCBmYWlsdXJlIGFmdGVyIHIxMzUzMzAuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJr aXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMDMxNDYKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JP RFkgKE9PUFMhKS4KKworICAgICAgICBPbiBMaW51eCwgdGhlIDI0IGJpdCBkaXN0YW5jZSByYW5n ZSBvZiBqdW1wcyBzb21ldGltZXMgZG9lcyBub3QKKyAgICAgICAgZW5vdWdoIHRvIGNvdmVyIGFs bCB0YXJnZXRzIGFkZHJlc3Nlcy4gVGhpcyBwYXRjaCBzdXBwb3J0cyBqdW1wcworICAgICAgICBv dXRzaWRlIG9mIHRoaXMgcmFuZ2UgdXNpbmcgYSBtb3YvbW92dC9ieCAxMCBieXRlIGxvbmcgc2Vx dWVuY2UuCisKKyAgICAgICAgKiBhc3NlbWJsZXIvQVJNdjdBc3NlbWJsZXIuaDoKKyAgICAgICAg KEFSTXY3QXNzZW1ibGVyKToKKyAgICAgICAgKEpTQzo6QVJNdjdBc3NlbWJsZXI6OnJldmVydEp1 bXBUb19tb3ZUM21vdnRjbXBUMik6CisgICAgICAgIChKU0M6OkFSTXY3QXNzZW1ibGVyOjpub3B3 KToKKyAgICAgICAgKEpTQzo6QVJNdjdBc3NlbWJsZXI6OmxhYmVsKToKKyAgICAgICAgKEpTQzo6 QVJNdjdBc3NlbWJsZXI6OnJlcGxhY2VXaXRoSnVtcCk6CisgICAgICAgIChKU0M6OkFSTXY3QXNz ZW1ibGVyOjptYXhKdW1wUmVwbGFjZW1lbnRTaXplKToKKyAgICAgICAgKiBhc3NlbWJsZXIvTWFj cm9Bc3NlbWJsZXJBUk12Ny5oOgorICAgICAgICAoSlNDOjpNYWNyb0Fzc2VtYmxlckFSTXY3Ojpy ZXZlcnRKdW1wUmVwbGFjZW1lbnRUb0JyYW5jaFB0cldpdGhQYXRjaCk6CisKIDIwMTMtMDMtMTMg IFJ5b3N1a2UgTml3YSAgPHJuaXdhQHdlYmtpdC5vcmc+CiAKICAgICAgICAgVGhyZWFkZWQgSFRN TCBQYXJzZXIgaXMgbWlzc2luZyBmZWF0dXJlIGRlZmluZSBmbGFncyBpbiBhbGwgYnV0IENocm9t aXVtIHBvcnQncyBidWlsZCBmaWxlcwpkaWZmIC0tZ2l0IGEvU291cmNlL0phdmFTY3JpcHRDb3Jl L2Fzc2VtYmxlci9BUk12N0Fzc2VtYmxlci5oIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2Fzc2Vt Ymxlci9BUk12N0Fzc2VtYmxlci5oCmluZGV4IGU4OTQ0MjguLmFiYjFhYWEgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvQVJNdjdBc3NlbWJsZXIuaAorKysgYi9T b3VyY2UvSmF2YVNjcmlwdENvcmUvYXNzZW1ibGVyL0FSTXY3QXNzZW1ibGVyLmgKQEAgLTEyNjYs NiArMTI2NiwyMCBAQCBwdWJsaWM6CiAgICAgICAgIG1fZm9ybWF0dGVyLnR3b1dvcmRPcDVpNklt bTRSZWc0RW5jb2RlZEltbShPUF9NT1ZfaW1tX1QzLCBpbW0ubV92YWx1ZS5pbW00LCByZCwgaW1t KTsKICAgICB9CiAgICAgCisjaWYgT1MoTElOVVgpCisgICAgc3RhdGljIHZvaWQgcmV2ZXJ0SnVt cFRvX21vdlQzbW92dGNtcFQyKHZvaWQqIGluc3RydWN0aW9uU3RhcnQsIFJlZ2lzdGVySUQgbGVm dCwgUmVnaXN0ZXJJRCByaWdodCwgdWludHB0cl90IGltbSkKKyAgICB7CisgICAgICAgIHVpbnQx Nl90KiBhZGRyZXNzID0gc3RhdGljX2Nhc3Q8dWludDE2X3QqPihpbnN0cnVjdGlvblN0YXJ0KTsK KyAgICAgICAgQVJNVGh1bWJJbW1lZGlhdGUgbG8xNiA9IEFSTVRodW1iSW1tZWRpYXRlOjptYWtl VUludDE2KHN0YXRpY19jYXN0PHVpbnQxNl90PihpbW0pKTsKKyAgICAgICAgQVJNVGh1bWJJbW1l ZGlhdGUgaGkxNiA9IEFSTVRodW1iSW1tZWRpYXRlOjptYWtlVUludDE2KHN0YXRpY19jYXN0PHVp bnQxNl90PihpbW0gPj4gMTYpKTsKKyAgICAgICAgYWRkcmVzc1swXSA9IHR3b1dvcmRPcDVpNklt bTRSZWc0RW5jb2RlZEltbUZpcnN0KE9QX01PVl9pbW1fVDMsIGxvMTYpOworICAgICAgICBhZGRy ZXNzWzFdID0gdHdvV29yZE9wNWk2SW1tNFJlZzRFbmNvZGVkSW1tU2Vjb25kKHJpZ2h0LCBsbzE2 KTsKKyAgICAgICAgYWRkcmVzc1syXSA9IHR3b1dvcmRPcDVpNkltbTRSZWc0RW5jb2RlZEltbUZp cnN0KE9QX01PVlQsIGhpMTYpOworICAgICAgICBhZGRyZXNzWzNdID0gdHdvV29yZE9wNWk2SW1t NFJlZzRFbmNvZGVkSW1tU2Vjb25kKHJpZ2h0LCBoaTE2KTsKKyAgICAgICAgYWRkcmVzc1s0XSA9 IE9QX0NNUF9yZWdfVDIgfCBsZWZ0OworICAgICAgICBjYWNoZUZsdXNoKGFkZHJlc3MsIHNpemVv Zih1aW50MTZfdCkgKiA1KTsKKyAgICB9CisjZWxzZQogICAgIHN0YXRpYyB2b2lkIHJldmVydEp1 bXBUb19tb3ZUMyh2b2lkKiBpbnN0cnVjdGlvblN0YXJ0LCBSZWdpc3RlcklEIHJkLCBBUk1UaHVt YkltbWVkaWF0ZSBpbW0pCiAgICAgewogICAgICAgICBBU1NFUlQoaW1tLmlzVmFsaWQoKSk7CkBA IC0xMjc3LDYgKzEyOTEsNyBAQCBwdWJsaWM6CiAgICAgICAgIGFkZHJlc3NbMV0gPSB0d29Xb3Jk T3A1aTZJbW00UmVnNEVuY29kZWRJbW1TZWNvbmQocmQsIGltbSk7CiAgICAgICAgIGNhY2hlRmx1 c2goYWRkcmVzcywgc2l6ZW9mKHVpbnQxNl90KSAqIDIpOwogICAgIH0KKyNlbmRpZgogCiAgICAg QUxXQVlTX0lOTElORSB2b2lkIG1vdihSZWdpc3RlcklEIHJkLCBBUk1UaHVtYkltbWVkaWF0ZSBp bW0pCiAgICAgewpAQCAtMTg4Miw3ICsxODk3LDEyIEBAIHB1YmxpYzoKICAgICB7CiAgICAgICAg IG1fZm9ybWF0dGVyLm9uZVdvcmRPcDhJbW04KE9QX05PUF9UMSwgMCk7CiAgICAgfQotICAgIAor CisgICAgdm9pZCBub3B3KCkKKyAgICB7CisgICAgICAgIG1fZm9ybWF0dGVyLnR3b1dvcmRPcDE2 T3AxNihPUF9OT1BfVDJhLCBPUF9OT1BfVDJiKTsKKyAgICB9CisKICAgICBBc3NlbWJsZXJMYWJl bCBsYWJlbElnbm9yaW5nV2F0Y2hwb2ludHMoKQogICAgIHsKICAgICAgICAgcmV0dXJuIG1fZm9y bWF0dGVyLmxhYmVsKCk7CkBAIC0xOTAyLDcgKzE5MjIsMTAgQEAgcHVibGljOgogICAgIHsKICAg ICAgICAgQXNzZW1ibGVyTGFiZWwgcmVzdWx0ID0gbV9mb3JtYXR0ZXIubGFiZWwoKTsKICAgICAg ICAgd2hpbGUgKFVOTElLRUxZKHN0YXRpY19jYXN0PGludD4ocmVzdWx0Lm1fb2Zmc2V0KSA8IG1f aW5kZXhPZlRhaWxPZkxhc3RXYXRjaHBvaW50KSkgewotICAgICAgICAgICAgbm9wKCk7CisgICAg ICAgICAgICBpZiAoVU5MSUtFTFkoc3RhdGljX2Nhc3Q8aW50PihyZXN1bHQubV9vZmZzZXQpICsg NCA8PSBtX2luZGV4T2ZUYWlsT2ZMYXN0V2F0Y2hwb2ludCkpCisgICAgICAgICAgICAgICAgbm9w dygpOworICAgICAgICAgICAgZWxzZQorICAgICAgICAgICAgICAgIG5vcCgpOwogICAgICAgICAg ICAgcmVzdWx0ID0gbV9mb3JtYXR0ZXIubGFiZWwoKTsKICAgICAgICAgfQogICAgICAgICByZXR1 cm4gcmVzdWx0OwpAQCAtMjE2MCwxNSArMjE4MywzMSBAQCBwdWJsaWM6CiAgICAgewogICAgICAg ICBBU1NFUlQoIShiaXR3aXNlX2Nhc3Q8dWludHB0cl90PihpbnN0cnVjdGlvblN0YXJ0KSAmIDEp KTsKICAgICAgICAgQVNTRVJUKCEoYml0d2lzZV9jYXN0PHVpbnRwdHJfdD4odG8pICYgMSkpOwor CisjaWYgT1MoTElOVVgpCisgICAgICAgIGlmIChjYW5CZUp1bXBUNChyZWludGVycHJldF9jYXN0 PHVpbnQxNl90Kj4oaW5zdHJ1Y3Rpb25TdGFydCksIHRvKSkgeworICAgICAgICAgICAgdWludDE2 X3QqIHB0ciA9IHJlaW50ZXJwcmV0X2Nhc3Q8dWludDE2X3QqPihpbnN0cnVjdGlvblN0YXJ0KSAr IDI7CisgICAgICAgICAgICBsaW5rSnVtcFQ0KHB0ciwgdG8pOworICAgICAgICAgICAgY2FjaGVG bHVzaChwdHIgLSAyLCBzaXplb2YodWludDE2X3QpICogMik7CisgICAgICAgIH0gZWxzZSB7Cisg ICAgICAgICAgICB1aW50MTZfdCogcHRyID0gcmVpbnRlcnByZXRfY2FzdDx1aW50MTZfdCo+KGlu c3RydWN0aW9uU3RhcnQpICsgNTsKKyAgICAgICAgICAgIGxpbmtCWChwdHIsIHRvKTsKKyAgICAg ICAgICAgIGNhY2hlRmx1c2gocHRyIC0gNSwgc2l6ZW9mKHVpbnQxNl90KSAqIDUpOworICAgICAg ICB9CisjZWxzZQogICAgICAgICB1aW50MTZfdCogcHRyID0gcmVpbnRlcnByZXRfY2FzdDx1aW50 MTZfdCo+KGluc3RydWN0aW9uU3RhcnQpICsgMjsKLSAgICAgICAgCiAgICAgICAgIGxpbmtKdW1w VDQocHRyLCB0byk7CiAgICAgICAgIGNhY2hlRmx1c2gocHRyIC0gMiwgc2l6ZW9mKHVpbnQxNl90 KSAqIDIpOworI2VuZGlmCiAgICAgfQogICAgIAogICAgIHN0YXRpYyBwdHJkaWZmX3QgbWF4SnVt cFJlcGxhY2VtZW50U2l6ZSgpCiAgICAgeworI2lmIE9TKExJTlVYKQorICAgICAgICByZXR1cm4g MTA7CisjZWxzZQogICAgICAgICByZXR1cm4gNDsKKyNlbmRpZgogICAgIH0KICAgICAKICAgICBz dGF0aWMgdm9pZCByZXBsYWNlV2l0aExvYWQodm9pZCogaW5zdHJ1Y3Rpb25TdGFydCkKZGlmZiAt LWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvTWFjcm9Bc3NlbWJsZXJBUk12 Ny5oIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2Fzc2VtYmxlci9NYWNyb0Fzc2VtYmxlckFSTXY3 LmgKaW5kZXggOGQ3YTNhNi4uMTNjNjc1MiAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRD b3JlL2Fzc2VtYmxlci9NYWNyb0Fzc2VtYmxlckFSTXY3LmgKKysrIGIvU291cmNlL0phdmFTY3Jp cHRDb3JlL2Fzc2VtYmxlci9NYWNyb0Fzc2VtYmxlckFSTXY3LmgKQEAgLTE3NjcsOSArMTc2Nywx NCBAQCBwdWJsaWM6CiAgICAgICAgIHJldHVybiBsYWJlbC5sYWJlbEF0T2Zmc2V0KC10d29Xb3Jk T3BTaXplICogMik7CiAgICAgfQogICAgIAotICAgIHN0YXRpYyB2b2lkIHJldmVydEp1bXBSZXBs YWNlbWVudFRvQnJhbmNoUHRyV2l0aFBhdGNoKENvZGVMb2NhdGlvbkxhYmVsIGluc3RydWN0aW9u U3RhcnQsIFJlZ2lzdGVySUQsIHZvaWQqIGluaXRpYWxWYWx1ZSkKKyAgICBzdGF0aWMgdm9pZCBy ZXZlcnRKdW1wUmVwbGFjZW1lbnRUb0JyYW5jaFB0cldpdGhQYXRjaChDb2RlTG9jYXRpb25MYWJl bCBpbnN0cnVjdGlvblN0YXJ0LCBSZWdpc3RlcklEIHJkLCB2b2lkKiBpbml0aWFsVmFsdWUpCiAg ICAgeworI2lmIE9TKExJTlVYKQorICAgICAgICBBUk12N0Fzc2VtYmxlcjo6cmV2ZXJ0SnVtcFRv X21vdlQzbW92dGNtcFQyKGluc3RydWN0aW9uU3RhcnQuZGF0YUxvY2F0aW9uKCksIHJkLCBkYXRh VGVtcFJlZ2lzdGVyLCByZWludGVycHJldF9jYXN0PHVpbnRwdHJfdD4oaW5pdGlhbFZhbHVlKSk7 CisjZWxzZQorICAgICAgICBVTlVTRURfUEFSQU0ocmQpOwogICAgICAgICBBUk12N0Fzc2VtYmxl cjo6cmV2ZXJ0SnVtcFRvX21vdlQzKGluc3RydWN0aW9uU3RhcnQuZGF0YUxvY2F0aW9uKCksIGRh dGFUZW1wUmVnaXN0ZXIsIEFSTVRodW1iSW1tZWRpYXRlOjptYWtlVUludDE2KHJlaW50ZXJwcmV0 X2Nhc3Q8dWludHB0cl90Pihpbml0aWFsVmFsdWUpICYgMHhmZmZmKSk7CisjZW5kaWYKICAgICB9 CiAgICAgCiAgICAgc3RhdGljIENvZGVMb2NhdGlvbkxhYmVsIHN0YXJ0T2ZQYXRjaGFibGVCcmFu Y2hQdHJXaXRoUGF0Y2hPbkFkZHJlc3MoQ29kZUxvY2F0aW9uRGF0YUxhYmVsUHRyKQo=