| Summary: | [JSC] AssemblyComents.h assertion failure when not using libpas allocator | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Joseph Griego <joseph.j.griego> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Pull request: https://github.com/WebKit/WebKit/pull/5508 Committed 255735@main (256a5b87fda9): <https://commits.webkit.org/255735@main> Reviewed commits have been landed. Closing PR #5508 and removing active labels. |
As title. On e.g. armv7 linux where the libpas allocator is not used, using a debug build, the following reproduces the failure: ./WebKitBuild/Debug/bin/jsc --dumpDisassembly=1 JSTests/stress/dfg-branch.js ASSERTION FAILED: newEnd <= thisStart || thisEnd <= newStart ../../Source/JavaScriptCore/assembler/AssemblyComments.h(63) : void JSC::AssemblyCommentRegistry::registerCodeRange(void*, void*, JSC::AssemblyCommentRegistry::CommentMap&&) Aborted This seems to be because the comment registry range for a executable region is not unregistered when the memory reason is released back to the allocator--patch forthcoming