Bug 46077

Summary: ASSERT failure in YARR JIT
Product: WebKit
Reporter: Gavin Barraclough <barraclough>
Component: JavaScriptCore
Assignee: Gavin Barraclough <barraclough>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, info, possessedpenguinbob
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5

Gavin Barraclough
Reported 2010-09-20 00:27:17 PDT
ASSERTION FAILED: to.m_offset != -1 (/Volumes/Data/CopperHead/JavaScriptCore/assembler/X86Assembler.h:1535 void JSC::X86Assembler::linkJump(JSC::X86Assembler::JmpSrc, JSC::X86Assembler::JmpDst))
Segmentation fault: 11

The problem is hit when there are multiple alternatives in the top level disjunction, the last disjunction is longer than the first, and all are BOL predicated, e.g.: /^a|^bc/

Two optimizations are coming into conflict here. Due to the BOL unrolling there is no need to ever loop, so no head of loop label has been set; however, the optimized code path that loops without checking length is available (since we have already checked N+1 characters for the last alternative before looping), and that path doesn't check the flag indicating whether a label has been set.
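As an added example (not part of the bug report or of WebKit's own test suite), a small differential check for the pattern family described above: several top-level alternatives, each anchored with ^, the last longer than the first. The patterns, inputs and the referenceMatch helper are constructed here; each regex is executed repeatedly so that an engine with a JIT tier compiles it before the result is compared.

```javascript
// Constructed cases: [pattern, input, expected match text or null].
// All patterns have multiple BOL-anchored literal alternatives, with the
// last alternative longer than the first (the shape from the report).
const CASES = [
  ["^a|^bc", "a", "a"],
  ["^a|^bc", "bc", "bc"],
  ["^a|^bc", "xbc", null],
  ["^a|^bc", "ba", null],
  ["^a|^bc|^def", "def", "def"],
  ["^a|^bc|^def", "de", null],
];

// Reference semantics: without the /m flag, a ^-anchored alternative can only
// match at offset 0, so the result is the first alternative whose literal is a
// prefix of the input. Only handles the literal, ^-anchored shape used above.
function referenceMatch(pattern, input) {
  for (const alt of pattern.split("|")) {
    if (!alt.startsWith("^")) {
      throw new Error("example only handles ^-anchored literal alternatives");
    }
    const literal = alt.slice(1);
    if (input.startsWith(literal)) return literal;
  }
  return null;
}

// Run the regex many times (so a tiering engine compiles it), then check that
// the engine's answer and the reference both equal the expected value.
function checkCase(pattern, input, expected, iterations = 10000) {
  const re = new RegExp(pattern);
  let got = null;
  for (let i = 0; i < iterations; i++) {
    const m = re.exec(input);
    got = m ? m[0] : null;
  }
  return got === expected && referenceMatch(pattern, input) === expected;
}

// True only if every constructed case agrees with expectation.
function runAll(cases = CASES) {
  return cases.every(([pattern, input, expected]) => checkCase(pattern, input, expected));
}
```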
Attachments
The patch (9.95 KB, patch)
2010-09-20 00:47 PDT, Gavin Barraclough
no flags
Gavin Barraclough
Comment 1 2010-09-20 00:47:09 PDT
Created attachment 68056 [details] The patch
WebKit Commit Bot
Comment 2 2010-09-20 11:31:33 PDT
Comment on attachment 68056 [details] The patch
Clearing flags on attachment: 68056
Committed r67867: <http://trac.webkit.org/changeset/67867>
WebKit Commit Bot
Comment 3 2010-09-20 11:31:38 PDT
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 4 2010-09-20 11:46:16 PDT
*** Bug 46075 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 5 2011-02-22 13:13:47 PST
*** Bug 46102 has been marked as a duplicate of this bug. ***