Bug 48912

Summary: ARM JIT asserts when loading http://reader.google.com in debug mode
Product: WebKit Reporter: Jocelyn Turcotte <jturcotte>
Component: JavaScriptCoreAssignee: Gabor Loki <loki>
Status: RESOLVED FIXED    
Severity: Minor CC: abarth, barraclough, christian.webkit, commit-queue, ddkilzer, eric, loki, oliver, thomas, webkit.review.bot
Priority: P4    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: Linux   
URL: http://reader.google.com
Attachments:
Description Flags
ARM JIT asserts when loading http://reader.google.com in debug mode none

Jocelyn Turcotte
Reported 2010-11-03 06:26:36 PDT
ASSERTION FAILED: differenceBetween(m_uninterruptedInstructionSequenceBegin, label()) == insnSpace (../../../qtwebkit-webkit2-dev/JavaScriptCore/jit/JITInlineMethods.h:127 void JSC::JIT::endUninterruptedSequence(int, int)) It happens under JIT::compileGetByIdSlowCase, stubCall.call(dst) eventually calls ARMAssembler::dataTransfer32 which might generate 1 or 2 instructions depending on the value of "dst".
Attachments
ARM JIT asserts when loading http://reader.google.com in debug mode (3.50 KB, patch)
2010-11-09 00:34 PST, Gabor Loki 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2010-11-04 09:44:27 PDT
I believe this is only an issue with the ARMAssembler, not the ARMv7Assembler.
Gabor Loki
Comment 2 2010-11-04 13:38:03 PDT
This issue is related to ARM JIT, not ARMv7 (Thumb-2) one. I will upload a patch soon.
Gabor Loki
Comment 3 2010-11-09 00:34:13 PST
Created attachment 73344 [details] ARM JIT asserts when loading http://reader.google.com in debug mode
WebKit Commit Bot
Comment 4 2010-11-09 23:36:54 PST
Comment on attachment 73344 [details] ARM JIT asserts when loading http://reader.google.com in debug mode Clearing flags on attachment: 73344 Committed r71722: <http://trac.webkit.org/changeset/71722>
WebKit Commit Bot
Comment 5 2010-11-09 23:37:00 PST
All reviewed patches have been landed. Closing bug.
WebKit Review Bot
Comment 6 2010-11-10 00:52:22 PST
http://trac.webkit.org/changeset/71722 might have broken GTK Linux 64-bit Debug The following tests are not passing: fast/events/tabindex-focus-blur-all.html
Gabor Loki
Comment 7 2010-11-10 01:23:33 PST
> http://trac.webkit.org/changeset/71722 might have broken GTK Linux 64-bit Debug > The following tests are not passing: > fast/events/tabindex-focus-blur-all.html It should be a flaky test. This patch related to ARM.
Darin Adler
Comment 8 2010-11-10 09:15:21 PST
Comment on attachment 73344 [details] ARM JIT asserts when loading http://reader.google.com in debug mode View in context: https://bugs.webkit.org/attachment.cgi?id=73344&action=review > JavaScriptCore/jit/JITInlineMethods.h:131 > + /* There are several cases when the uninterrupted sequence is larger than > + * maximum required offset for pathing the same sequence. Eg.: if in a > + * uninterrupted sequence the last macroassembler's instruction is a stub > + * call, it emits store instruction(s) which should not be included in the > + * calculation of length of uninterrupted sequence. So, the insnSpace and > + * constSpace should be upper limit instead of hard limit. > + */ In the future, please use // comments, not /* comments, in WebKit code.
Note You need to log in before you can comment on or make changes to this bug.