Bug 140095

Summary:

Debug ASan builds frequently crash in Register::jsValue under DFG::prepareOSREntry

Product:

WebKit

Reporter:

Alexey Proskuryakov <ap>

Component:

JavaScriptCore

Assignee:

Alexey Proskuryakov <ap>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

fpizlo, ggaren, mrowe

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
proposed fix	andersca: review+

Alexey Proskuryakov

Reported 2015-01-05 13:50:48 PST

In release builds, Register::jsValue is inlined into DFG::prepareOSREntry, so a blacklist line we have in webkit-asan-ignore.txt is sufficient. But in debug builds, it is not inlined, so we crash in this function. Adding Register::jsValue to the blacklist is not the best fix, because this function is used elsewhere. The better fix is to blacklist the whole file.

Attachments
proposed fix (1.20 KB, patch) 2015-01-05 15:50 PST, Alexey Proskuryakov	andersca: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2015-01-05 15:50:25 PST

Created attachment 244013 [details] proposed fix Actually, blacklisting the file doesn't work - if we do that, we get a non-ASan version of the inline function in DFGOSREntry.o, but it is later eliminated by the linker in favor of an ASanified copy from another file. So I only see two options: 1. Blacklist Register::jsValue(), and ask for a better solution (which I propose here). 2. Make a copy of Register::jsValue() function with a different name, just for the purpose of using it in prepareOSREntry() in a blacklist.

Alexey Proskuryakov

Comment 2 2015-01-06 16:26:11 PST

Committed <http://trac.webkit.org/r178005>.

Note You need to log in before you can comment on or make changes to this bug.