WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
140095
Debug ASan builds frequently crash in Register::jsValue under DFG::prepareOSREntry
https://bugs.webkit.org/show_bug.cgi?id=140095
Summary
Debug ASan builds frequently crash in Register::jsValue under DFG::prepareOSR...
Alexey Proskuryakov
Reported
2015-01-05 13:50:48 PST
In release builds, Register::jsValue is inlined into DFG::prepareOSREntry, so a blacklist line we have in webkit-asan-ignore.txt is sufficient. But in debug builds, it is not inlined, so we crash in this function. Adding Register::jsValue to the blacklist is not the best fix, because this function is used elsewhere. The better fix is to blacklist the whole file.
Attachments
proposed fix
(1.20 KB, patch)
2015-01-05 15:50 PST
,
Alexey Proskuryakov
andersca
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1
2015-01-05 15:50:25 PST
Created
attachment 244013
[details]
proposed fix Actually, blacklisting the file doesn't work - if we do that, we get a non-ASan version of the inline function in DFGOSREntry.o, but it is later eliminated by the linker in favor of an ASanified copy from another file. So I only see two options: 1. Blacklist Register::jsValue(), and ask for a better solution (which I propose here). 2. Make a copy of Register::jsValue() function with a different name, just for the purpose of using it in prepareOSREntry() in a blacklist.
Alexey Proskuryakov
Comment 2
2015-01-06 16:26:11 PST
Committed <
http://trac.webkit.org/r178005
>.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug