273120 2024-04-23 04:26:00 -0700 REGRESSION(277770@main): [WASM][Debug] ASSERTION FAILED: v <= 0 2024-04-23 08:57:04 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 273048 P2 Normal --- 1 vitaly webkit-unassigned oldest_to_newest 2030513 0 vitaly 2024-04-23 04:26:00 -0700 Stack trace: ``` #0 WTFCrash() () at /home/vitaly/WebKit/Source/WTF/wtf/Assertions.cpp:353 #1 0x00007fda14f9b4f2 in WTFCrashWithInfo(int, char const*, char const*, int) () at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/Assertions.h:862 #2 0x00007fda163a1d44 in WTF::negate<int>(int) (v=1) at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/MathExtras.h:787 #3 0x00007fda16edf1de in JSC::MacroAssemblerX86Common::sub32(JSC::X86Registers::RegisterID, JSC::AbstractMacroAssembler<JSC::X86Assembler>::TrustedImm32, JSC::X86Registers::RegisterID) (this=0x7fffa80b1630, src=JSC::X86Registers::esi, imm=..., dest=JSC::X86Registers::eax) at /home/vitaly/WebKit/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:908 #4 0x00007fda1738b4c0 in JSC::MacroAssembler::sub32(JSC::X86Registers::RegisterID, JSC::AbstractMacroAssembler<JSC::X86Assembler>::Imm32, JSC::X86Registers::RegisterID) (this=0x7fffa80b1630, src=JSC::X86Registers::esi, imm=..., dest=JSC::X86Registers::eax) at /home/vitaly/WebKit/Source/JavaScriptCore/assembler/MacroAssembler.h:2167 #5 0x00007fda173a3bf0 in JSC::Yarr::YarrGenerator<JSC::Yarr::YarrJITDefaultRegisters>::generate() (this=0x7fffa80b1770) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:2752 #6 0x00007fda17398607 in JSC::Yarr::YarrGenerator<JSC::Yarr::YarrJITDefaultRegisters>::compile(JSC::Yarr::YarrCodeBlock&) (this=0x7fffa80b1770, codeBlock=...) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:4786 #7 0x00007fda17394a72 in JSC::Yarr::jitCompile(JSC::Yarr::YarrPattern&, WTF::StringView, JSC::Yarr::CharSize, std::optional<WTF::StringView>, JSC::VM*, JSC::Yarr::YarrCodeBlock&, JSC::Yarr::JITCompileMode) (pattern=..., patternString=..., charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}, vm=0x7fd9a9400000, codeBlock=..., mode=JSC::Yarr::JITCompileMode::IncludeSubpatterns) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:5351 #8 0x00007fda16d4e448 in JSC::RegExp::compile(JSC::VM*, JSC::Yarr::CharSize, std::optional<WTF::StringView>) (this=0x7fda032e9498, vm=0x7fd9a9400000, charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExp.cpp:258 #9 0x00007fda15bc1219 in JSC::RegExp::compileIfNecessary(JSC::VM&, JSC::Yarr::CharSize, std::optional<WTF::StringView>) (this=0x7fda032e9498, vm=..., charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpInlines.h:103 #10 0x00007fda16d558ad in JSC::RegExp::matchInline<WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, (JSC::Yarr::MatchFrom)0>(JSC::JSGlobalObject*, JSC::VM&, WTF::String const&, unsigned int, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) (this=0x7fda032e9498, nullOrGlobalObject=0x7fd9a9159088, vm=..., s=..., startOffset=0, ovector=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpInlines.h:114 #11 0x00007fda16d4e615 in JSC::RegExp::match(JSC::JSGlobalObject*, WTF::String const&, unsigned int, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) (this=0x7fda032e9498, globalObject=0x7fd9a9159088, s=..., startOffset=0, ovector=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExp.cpp:281 #12 0x00007fda16d60838 in JSC::RegExpGlobalData::performMatch(JSC::JSGlobalObject*, JSC::RegExp*, JSC::JSString*, WTF::String const&, int, int**) (this=0x7fd9a91598a8, owner=0x7fd9a9159088, regExp=0x7fda032e9498, string=0x7fd9a93301a0, input=..., startOffset=0, ovector=0x7fffa80b4ea8) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpGlobalDataInlines.h:56 #13 0x00007fda16da6b03 in JSC::replaceUsingRegExpSearch(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*, JSC::JSValue, JSC::CallData const&, WTF::String&, JSC::JSValue) (vm=..., globalObject=0x7fd9a9159088, string=0x7fd9a93301a0, searchValue=..., callData=..., replacementString=..., replaceValue=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:659 #14 0x00007fda16da85aa in JSC::replaceUsingRegExpSearch(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*, JSC::JSValue, JSC::JSValue) (vm=..., globalObject=0x7fd9a9159088, string=0x7fd9a93301a0, searchValue=..., replaceValue=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:819 #15 0x00007fda16da93c0 in JSC::stringProtoFuncReplaceUsingRegExp(JSC::JSGlobalObject*, JSC::CallFrame*) (globalObject=0x7fd9a9159088, callFrame=0x7fffa80b53d0) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:906 #16 0x00007fd8a7e0c038 in () #17 0x00007fffa80b5480 in () #18 0x00007fda14f558fa in op_call_return_location () at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/lib/libjavascriptcoregtk-6.0.so.1 ``` 2030516 1 vitaly 2024-04-23 04:32:29 -0700 Pull request: https://github.com/WebKit/WebKit/pull/27627 2030554 2 ap 2024-04-23 08:57:04 -0700 *** This bug has been marked as a duplicate of bug 273048 ***