164597 – ASSERTION FAILED: length > offset encountered with wasm.yaml/wasm/js-api/test_Module.js.default-wasm

RESOLVED FIXED 164597

ASSERTION FAILED: length > offset encountered with wasm.yaml/wasm/js-api/test_Module.js.default-wasm

https://bugs.webkit.org/show_bug.cgi?id=164597

Summary ASSERTION FAILED: length > offset encountered with wasm.yaml/wasm/js-api/test...

Ryan Haddad

Reported 2016-11-10 09:30:52 PST

https://build.webkit.org/builders/Apple%20El%20Capitan%20Debug%20JSC%20%28Tests%29/builds/4461/steps/jscore-test/logs/stdio wasm.yaml/wasm/js-api/test_Module.js.default-wasm: ASSERTION FAILED: length > offset wasm.yaml/wasm/js-api/test_Module.js.default-wasm: /Volumes/Data/slave/elcapitan-debug/build/WebKitBuild/Debug/usr/local/include/wtf/LEBDecoder.h(40) : bool WTF::LEBDecoder::decodeUInt(const uint8_t *, size_t, size_t &, T &) [maxByteLength = 5, T = unsigned int] wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 1 0x10380d060 WTFCrash wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 2 0x103604230 bool WTF::LEBDecoder::decodeUInt<5ul, unsigned int>(unsigned char const*, unsigned long, unsigned long&, unsigned int&) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 3 0x1036041cd WTF::LEBDecoder::decodeUInt32(unsigned char const*, unsigned long, unsigned long&, unsigned int&) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 4 0x103604000 JSC::Wasm::Parser::parseVarUInt32(unsigned int&) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 5 0x1037b9142 JSC::Wasm::ModuleParser::parse() wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 6 0x10303a07f JSC::Wasm::Plan::Plan(JSC::VM&, unsigned char const*, unsigned long) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 7 0x10303aa7d JSC::Wasm::Plan::Plan(JSC::VM&, unsigned char const*, unsigned long) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 8 0x1031e9628 JSC::constructJSWebAssemblyModule(JSC::ExecState*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 9 0x1033a293a JSC::LLInt::handleHostCall(JSC::ExecState*, JSC::Instruction*, JSC::JSValue, JSC::CodeSpecializationKind) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 10 0x1033a37fc JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 11 0x1033a33f6 JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 12 0x10339fcdc llint_slow_path_construct wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 13 0x1033adfff llint_entry wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 14 0x1033adca0 llint_entry wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 15 0x1033a660e vmEntryToJavaScript wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 16 0x10317644c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 17 0x1030f2e52 JSC::Interpreter::execute(JSC::ModuleProgramExecutable*, JSC::ExecState*, JSC::JSModuleEnvironment*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 18 0x103295d2f JSC::JSModuleRecord::evaluate(JSC::ExecState*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 19 0x10380c2f8 JSC::JSModuleLoader::evaluate(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 20 0x1033e1058 JSC::moduleLoaderPrototypeEvaluate(JSC::ExecState*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 21 0x4674dae01028 wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 22 0x1033adc26 llint_entry wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 23 0x1033adca0 llint_entry wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 24 0x4674dae099b9 wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 25 0x1033a660e vmEntryToJavaScript wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 26 0x10317644c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 27 0x1030f1daf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 28 0x1028fa75e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 29 0x1028fa9ab JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 30 0x10327c056 JSC::JSJobMicrotask::run(JSC::ExecState*) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: 31 0x1036abc55 JSC::QueuedTask::run() wasm.yaml/wasm/js-api/test_Module.js.default-wasm: test_script_31118: line 2: 51572 Segmentation fault: 11 ( "$@" ../../../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --maxPerThreadStackUsage\=1572864 -m --useWebAssembly\=1 test_Module.js ) wasm.yaml/wasm/js-api/test_Module.js.default-wasm: ERROR: Unexpected exit code: 139 FAIL: wasm.yaml/wasm/js-api/test_Module.js.default-wasm

Attachments
patch (6.90 KB, patch) 2016-11-10 14:28 PST, JF Bastien	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Keith Miller

Comment 1 2016-11-10 11:16:18 PST

My guess is that https://trac.webkit.org/changeset/208401 is the source.

JF Bastien

Comment 2 2016-11-10 14:28:37 PST

Created attachment 294415 [details] patch I have no idea how anything ever worked before!

Keith Miller

Comment 3 2016-11-10 14:44:26 PST

Comment on attachment 294415 [details] patch r=me.

Keith Miller

Comment 4 2016-11-10 14:45:11 PST

Comment on attachment 294415 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=294415&action=review Actually, one comment. > JSTests/wasm/LowLevelBinary.js:79 > + trim() { this._buf = this._buf.slice(0, this._used); } You don't use this.

Keith Miller

Comment 5 2016-11-10 14:45:43 PST

Comment on attachment 294415 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=294415&action=review >> JSTests/wasm/LowLevelBinary.js:79 >> + trim() { this._buf = this._buf.slice(0, this._used); } > > You don't use this. I'm an idiot. Ignore this comment.

WebKit Commit Bot

Comment 6 2016-11-10 15:10:20 PST

Comment on attachment 294415 [details] patch Clearing flags on attachment: 294415 Committed r208567: <http://trac.webkit.org/changeset/208567>

WebKit Commit Bot

Comment 7 2016-11-10 15:10:25 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Other

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

JF Bastien

Reported

2016-11-10 09:30 PST

Modified

2016-11-10 15:10 PST History

CC List

10 users Show

URL

Keywords

Depends on

Blocks