Bug 140095

Summary: Debug ASan builds frequently crash in Register::jsValue under DFG::prepareOSREntry
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Alexey Proskuryakov <ap>
Assignee: Alexey Proskuryakov <ap>
CC: fpizlo, ggaren, mrowe

Attachments:
proposed fix (andersca: review+)

Alexey Proskuryakov
Reported 2015-01-05 13:50:48 PST
In release builds, Register::jsValue is inlined into DFG::prepareOSREntry, so a blacklist line we have in webkit-asan-ignore.txt is sufficient. But in debug builds, it is not inlined, so we crash in this function. Adding Register::jsValue to the blacklist is not the best fix, because this function is used elsewhere. The better fix is to blacklist the whole file.
Attachments:
proposed fix (1.20 KB, patch), 2015-01-05 15:50 PST, Alexey Proskuryakov, andersca: review+
Alexey Proskuryakov
Comment 1 2015-01-05 15:50:25 PST
Created attachment 244013: proposed fix

Actually, blacklisting the file doesn't work - if we do that, we get a non-ASan version of the inline function in DFGOSREntry.o, but it is later eliminated by the linker in favor of an ASanified copy from another file. So I only see two options:

1. Blacklist Register::jsValue(), and ask for a better solution (which I propose here).
2. Make a copy of Register::jsValue() function with a different name, just for the purpose of using it in prepareOSREntry() in a blacklist.
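The two blacklist approaches weighed in the description and Comment 1, written out as an added example in clang's sanitizer special case list syntax (the file passed with -fsanitize-blacklist at the time, now -fsanitize-ignorelist). The entries below are constructed for illustration and are not the actual contents of webkit-asan-ignore.txt or of the attached patch.

```text
# Constructed example of a sanitizer special case list, not the real
# webkit-asan-ignore.txt. Each entry is "type:glob"; for C++ the glob is
# matched against the symbol name the compiler sees, which contains the
# namespace and class, so wildcards are needed around the parts we name.

# Option 1 from Comment 1: leave Register::jsValue() itself uninstrumented.
# This covers the out-of-line copy that debug builds call, but it also
# removes ASan checks from every other caller of jsValue(), which is why
# the reporter treats it as a stopgap.
fun:*Register*jsValue*

# The approach the reporter found does NOT work: excluding the whole file.
# The inline jsValue() in DFGOSREntry.o is emitted without instrumentation,
# but the linker keeps a single definition of the inline function and can
# pick the instrumented copy from another object file, so prepareOSREntry()
# still ends up calling instrumented code in debug builds.
# src:*DFGOSREntry.cpp
```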
Alexey Proskuryakov
Comment 2 2015-01-06 16:26:11 PST