Bug 246705

Summary:	[JSC] AssemblyComents.h assertion failure when not using libpas allocator
Product:	WebKit	Reporter:	Joseph Griego <joseph.j.griego>
Component:	JavaScriptCore	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Joseph Griego

Reported 2022-10-18 12:53:33 PDT

As title. On e.g. armv7 linux where the libpas allocator is not used, using a debug build, the following reproduces the failure: ./WebKitBuild/Debug/bin/jsc --dumpDisassembly=1 JSTests/stress/dfg-branch.js ASSERTION FAILED: newEnd <= thisStart || thisEnd <= newStart ../../Source/JavaScriptCore/assembler/AssemblyComments.h(63) : void JSC::AssemblyCommentRegistry::registerCodeRange(void*, void*, JSC::AssemblyCommentRegistry::CommentMap&&) Aborted This seems to be because the comment registry range for a executable region is not unregistered when the memory reason is released back to the allocator--patch forthcoming

Attachments
Add attachment proposed patch, testcase, etc.

Joseph Griego

Comment 1 2022-10-18 12:58:33 PDT

Pull request: https://github.com/WebKit/WebKit/pull/5508

EWS

Comment 2 2022-10-19 08:50:59 PDT

Committed 255735@main (256a5b87fda9): <https://commits.webkit.org/255735@main> Reviewed commits have been landed. Closing PR #5508 and removing active labels.

Radar WebKit Bug Importer

Comment 3 2022-10-19 08:51:20 PDT

<rdar://problem/101339451>

Note You need to log in before you can comment on or make changes to this bug.