[Win][32bit] Assert failure bytecodeIndex.offset() < instructions().size() in UnlinkedCodeBlock::expressionRangeForBytecodeIndex

AppleWin, 32bit, debug build trunk@254556

The assertion fails at almost every web site using JS. I don't know which revision is the culprit. Release builds work fine.

callstack:
> JavaScriptCore.dll!abort() Line 77 C++
> JavaScriptCore.dll!WTFCrashWithInfo(int __formal=184, const char * __formal=0x046fe770, const char * __formal=0x046fe394, int __formal=2258) Line 619 C++
> JavaScriptCore.dll!JSC::UnlinkedCodeBlock::expressionRangeForBytecodeIndex(JSC::BytecodeIndex bytecodeIndex={...}, int & divot=0, int & startOffset=0, int & endOffset=0, unsigned int & line=0, unsigned int & column=0) Line 184 C++
> JavaScriptCore.dll!JSC::CodeBlock::expressionRangeForBytecodeIndex(JSC::BytecodeIndex bytecodeIndex={...}, int & divot=0, int & startOffset=0, int & endOffset=0, unsigned int & line=0, unsigned int & column=0) Line 1906 C++
> JavaScriptCore.dll!JSC::appendSourceToError(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::CallFrame * callFrame=0x0c41ffa8, JSC::ErrorInstance * exception=0x26290cf8, JSC::BytecodeIndex bytecodeIndex={...}) Line 76 C++
> JavaScriptCore.dll!JSC::ErrorInstance::finishCreation(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::VM & vm={...}, const WTF::String & message={...}, bool useCurrentFrame=true) Line 131 C++
> JavaScriptCore.dll!JSC::ErrorInstance::create(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::VM & vm={...}, JSC::Structure * structure=0x0d2229e0, const WTF::String & message={...}, WTF::String(*)(const WTF::String &, const WTF::String &, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred) appender=0x03d862b0, JSC::RuntimeType type=TypeUndefined, bool useCurrentFrame=true) Line 62 C++
> JavaScriptCore.dll!JSC::createTypeError(JSC::JSGlobalObject * globalObject=0x0cf76c68, const WTF::String & message={...}, WTF::String(*)(const WTF::String &, const WTF::String &, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred) appender=0x03d862b0, JSC::RuntimeType type=TypeUndefined) Line 78 C++
> JavaScriptCore.dll!JSC::createError(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::JSValue value={...}, const WTF::String & message={...}, WTF::String(*)(const WTF::String &, const WTF::String &, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred) appender=0x03d862b0) Line 281 C++
> JavaScriptCore.dll!JSC::createNotAConstructorError(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::JSValue value={...}) Line 309 C++
> JavaScriptCore.dll!JSC::LLInt::handleHostCall(JSC::CallFrame * calleeFrame=0x0c41ff28, JSC::JSValue callee={...}, JSC::CodeSpecializationKind kind=CodeForConstruct) Line 1490 C++
> JavaScriptCore.dll!JSC::LLInt::setUpCall(JSC::CallFrame * calleeFrame=0x0c41ff28, JSC::CodeSpecializationKind kind=CodeForConstruct, JSC::JSValue calleeAsValue={...}, JSC::LLIntCallLinkInfo * callLinkInfo=0x263f3928) Line 1517 C++
> JavaScriptCore.dll!JSC::LLInt::genericCall<JSC::OpConstruct>(JSC::CodeBlock * codeBlock=0x0d08a920, JSC::CallFrame * callFrame=0x0c41ffa8, JSC::OpConstruct && bytecode={...}, JSC::CodeSpecializationKind kind=CodeForConstruct) Line 1579 C++
> JavaScriptCore.dll!llint_slow_path_construct(JSC::CallFrame * callFrame=0x0c41ffa8, const JSC::Instruction * pc=0x263b5524) Line 1600 C++
> JavaScriptCore.dll!JSC::LLInt::CLoop::execute(JSC::OpcodeID entryOpcodeID=llint_vm_entry_to_javascript, void * executableAddress=0x000000db, JSC::VM * vm=0x0ba46fd8, JSC::ProtoCallFrame * protoCallFrame=0x012fe510, bool isInitializationPass=false) Line 20151 C++
> JavaScriptCore.dll!vmEntryToJavaScript(void * executableAddress=0x000000db, JSC::VM * vm=0x0ba46fd8, JSC::ProtoCallFrame * protoCallFrame=0x012fe510) Line 171 C++
> JavaScriptCore.dll!JSC::JITCode::execute(JSC::VM * vm=0x0ba46fd8, JSC::ProtoCallFrame * protoCallFrame=0x012fe510) Line 38 C++
> JavaScriptCore.dll!JSC::Interpreter::executeProgram(const JSC::SourceCode & source={...}, JSC::JSGlobalObject * __formal=0x0cf76c68, JSC::JSObject * thisObj=0x0cf302c8) Line 849 C++
> JavaScriptCore.dll!JSC::evaluate(JSC::JSGlobalObject * globalObject=0x0cf76c68, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, WTF::NakedPtr<JSC::Exception> & returnedException={...}) Line 148 C++
> JavaScriptCore.dll!JSC::profiledEvaluate(JSC::JSGlobalObject * globalObject=0x0cf76c68, JSC::ProfilingReason reason=Other, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, WTF::NakedPtr<JSC::Exception> & returnedException={...}) Line 161 C++
> WebKit.dll!WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject * lexicalGlobalObject=0x0cf76c68, JSC::ProfilingReason reason=Other, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, WTF::NakedPtr<JSC::Exception> & returnedException={...}) Line 79 C++
> WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::DOMWrapperWorld & world={...}) Line 143 C++
> WebKit.dll!WebCore::ScriptController::evaluateInWorldIgnoringException(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::DOMWrapperWorld & world={...}) Line 116 C++
> WebKit.dll!WebCore::ScriptController::evaluateIgnoringException(const WebCore::ScriptSourceCode & sourceCode={...}) Line 163 C++
> WebKit.dll!WebCore::ScriptElement::executeClassicScript(const WebCore::ScriptSourceCode & sourceCode={...}) Line 394 C++
> WebKit.dll!WebCore::LoadableClassicScript::execute(WebCore::ScriptElement & scriptElement={...}) Line 123 C++
> WebKit.dll!WebCore::ScriptElement::executeScriptAndDispatchEvent(WebCore::LoadableScript & loadableScript={...}) Line 432 C++
> WebKit.dll!WebCore::ScriptElement::executePendingScript(WebCore::PendingScript & pendingScript={...}) Line 440 C++
> WebKit.dll!WebCore::ScriptRunner::timerFired() Line 132 C++
> [External Code]
> WebKit.dll!WTF::Detail::CallableWrapper<std::_Binder<std::_Unforced,void (__thiscall WebCore::ScriptRunner::*&)(void),WebCore::ScriptRunner *>,void>::call() Line 52 C++
> WebKit.dll!WTF::Function<void __cdecl(void)>::operator()() Line 84 C++
> WebKit.dll!WebCore::Timer::fired() Line 127 C++
> WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 129 C++
> WebKit.dll!WebCore::ThreadTimers::setSharedTimer::__l8::<lambda>() Line 69 C++
> WebKit.dll!WTF::Detail::CallableWrapper<void <lambda>(void),void>::call() Line 52 C++
> WebKit.dll!WTF::Function<void __cdecl(void)>::operator()() Line 84 C++
> WebKit.dll!WebCore::MainThreadSharedTimer::fired() Line 84 C++
> WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00180a86, unsigned int message=49988, unsigned int wParam=0, long lParam=0) Line 89 C++
> [External Code]
> user32.dll![Frames below may be incorrect and/or missing, no symbols loaded for user32.dll] Unknown
> WebKit.dll!WebKitMessageLoop::run(HACCEL__ * hAccelTable=0x0cd10a11) Line 94 C++
> MiniBrowserLib.dll!wWinMain(HINSTANCE__ * hInstance=0x00920000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0152611c, int nCmdShow=10) Line 124 C++
> MiniBrowserLib.dll!dllLauncherEntryPoint(HINSTANCE__ * hInstance=0x00920000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0152611c, int nCmdShow=10) Line 145 C++
> MiniBrowser.exe!wWinMain(HINSTANCE__ * hInstance=0x00920000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0152611c, int nCmdShow=10) Line 232 C++
> [External Code]
instructions().size() was 138001. bytecodeIndex.m_packedBits was 2565690512.

> - m_instructions unique_ptr {m_instructions={...} } std::unique_ptr<JSC::InstructionStream,std::default_delete<JSC::InstructionStream>>
> - [ptr] 0x0c9b5118 {m_instructions={...} } JSC::InstructionStream *
> - m_instructions {...} WTF::Vector<unsigned char,0,WTF::UnsafeVectorOverflow,16,WTF::FastMalloc>
> - WTF::VectorBuffer<unsigned char,0,WTF::FastMalloc> {...} WTF::VectorBuffer<unsigned char,0,WTF::FastMalloc>
> - WTF::VectorBufferBase<unsigned char,WTF::FastMalloc> {m_buffer=0x263b2e70 "œþ„ýþ«„ü\x10\nûþ" m_capacity=138001 m_size=138001 } WTF::VectorBufferBase<unsigned char,WTF::FastMalloc>
> + m_buffer 0x263b2e70 "œþ„ýþ«„ü\x10\nûþ" unsigned char *
> m_capacity 138001 unsigned int
> m_size 138001 unsigned int
> - bytecodeIndex {m_packedBits=2565690512 } JSC::BytecodeIndex
> m_packedBits 2565690512 unsigned int
> bytecodeIndex.offset() 641422628 unsigned int
> instructions().size() 138001 unsigned int
Created attachment 387757 [details] WIP patch
Hi Fujii, thanks for the patch. This is related to bug 203563 which Caio is currently also working on. Might be worth syncing with him.
(In reply to Fujii Hironori from comment #0)
> release builds work fine.

No, AppleWin 32bit release builds are unable to run JavaScript. AppleWin 64bit can run JavaScript.
(In reply to Paulo Matos from comment #4)
> Hi Fujii, thanks for the patch. This is related to bug 203563 which Caio is
> currently also working on. Might be worth syncing with him.

Oh, thank you very much for letting me know it.
I uploaded a patch on https://bugs.webkit.org/show_bug.cgi?id=203563 to fix that on 32-bit ports, but I couldn't verify on Windows. Do you mind trying it out?
Comment on attachment 387757 [details] WIP patch
View in context: https://bugs.webkit.org/attachment.cgi?id=387757&action=review

> Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:186
> +#endif

I don't think this will solve the issue. The problem is that with BytecodeIndex we now "<< 2" its offset to make space for checkpoints storage (see BytecodeIndex.h). For 32-bit, we use "Instruction*" as the offset and such a shift will make us lose some high-order bits when retrieving it back with `.offset()`.
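As an added illustration of the packing problem described in the review comment above (this is not code from WebKit or from anyone on this thread): a simplified 32-bit packed index that stores `offset << 2` and keeps the low 2 bits for a checkpoint number. The struct, constants and helper names below are assumptions for the sake of the example, not JSC's actual BytecodeIndex API. It replays the values from the debugger dump in comment #0 and shows two things: `offset()` of the crashing `m_packedBits` is exactly the `pc` pointer from the `llint_slow_path_construct` frame rather than a buffer-relative position, so the bounds check against `instructions().size()` fails, and any value of 2^30 or more loses its top bits on a pack/unpack round trip, which is why a raw `Instruction*` cannot be stored this way on a 32-bit port.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model of a packed bytecode index, written for this bug page.
// ASSUMPTION: it mirrors only the property named in the review comment, that
// the offset is stored as (offset << 2) with the low 2 bits reserved for a
// checkpoint number. It is not JSC's real BytecodeIndex.
constexpr uint32_t kCheckpointBits = 2;
constexpr uint32_t kCheckpointMask = (uint32_t{1} << kCheckpointBits) - 1;
// Largest offset that survives the shift without losing high-order bits.
constexpr uint32_t kMaxLosslessOffset = (uint32_t{1} << (32 - kCheckpointBits)) - 1;

struct PackedBytecodeIndex {
    uint32_t m_packedBits;
    uint32_t offset() const { return m_packedBits >> kCheckpointBits; }
    uint32_t checkpoint() const { return m_packedBits & kCheckpointMask; }
};

PackedBytecodeIndex pack(uint32_t offset, uint32_t checkpoint)
{
    // The shift happens in 32 bits, so bits 30 and 31 of offset are discarded.
    return PackedBytecodeIndex { (offset << kCheckpointBits) | (checkpoint & kCheckpointMask) };
}

// True when pack()/offset() is an identity for this offset. Fails for any
// value >= 2^30, which covers most of a 32-bit process's address space, so a
// raw Instruction* cannot be stored this way without corruption.
bool roundTripsLosslessly(uint32_t offset)
{
    return pack(offset, 0).offset() == offset;
}

// The predicate behind the failing assertion in expressionRangeForBytecodeIndex.
bool offsetInBounds(PackedBytecodeIndex index, uint32_t instructionCount)
{
    return index.offset() < instructionCount;
}

// What a 32-bit port should store instead of the pointer: its distance from
// the start of the instruction buffer, which is small and fits the 30 bits.
uint32_t relativeOffset(uint32_t instructionAddress, uint32_t bufferBase)
{
    return instructionAddress - bufferBase;
}

int main()
{
    // Values copied from the debugger dump and call stack in comment #0.
    const PackedBytecodeIndex crashing { 2565690512u };
    const uint32_t instructionCount = 138001u;
    const uint32_t bufferBase = 0x263b2e70u;   // m_buffer
    const uint32_t pc = 0x263b5524u;           // "pc" argument of llint_slow_path_construct

    std::printf("offset()            = %u (equals pc: %s)\n", crashing.offset(),
        crashing.offset() == pc ? "yes" : "no");
    std::printf("offset < size       = %s\n", offsetInBounds(crashing, instructionCount) ? "true" : "false");
    std::printf("max lossless offset = %u\n", kMaxLosslessOffset);
    std::printf("0xC0000000 survives = %s\n", roundTripsLosslessly(0xC0000000u) ? "true" : "false");

    const uint32_t fixed = relativeOffset(pc, bufferBase);
    std::printf("relative offset     = %u, in bounds = %s\n", fixed,
        offsetInBounds(pack(fixed, 0), instructionCount) ? "true" : "false");
    return 0;
}
```

The same dump also explains why the assertion trips on nearly every page rather than only on very large scripts: the stored value is an absolute address, so it exceeds `instructions().size()` for any script, independent of whether the shift happened to lose bits for that particular address.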
Thank you. Will check today.
I tested with trunk@254661, the Bug 203563 patch, AppleWin 32bit MiniBrowser, debug builds, by browsing some web sites. I confirmed JavaScript works. I noticed a lot of bugs while testing. The 32bit AppleWin port isn't in good shape these days. Anyway, I think those are other issues.