Bug 246705 - [JSC] AssemblyComents.h assertion failure when not using libpas allocator
Summary: [JSC] AssemblyComents.h assertion failure when not using libpas allocator
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-10-18 12:53 PDT by Joseph Griego
Modified: 2022-10-19 08:51 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joseph Griego 2022-10-18 12:53:33 PDT 
As title. On e.g. armv7 linux where the libpas allocator is not used, using a debug build, the following reproduces the failure:

     ./WebKitBuild/Debug/bin/jsc --dumpDisassembly=1 JSTests/stress/dfg-branch.js

ASSERTION FAILED: newEnd <= thisStart || thisEnd <= newStart
../../Source/JavaScriptCore/assembler/AssemblyComments.h(63) : void JSC::AssemblyCommentRegistry::registerCodeRange(void*, void*, JSC::AssemblyCommentRegistry::CommentMap&&)
Aborted

This seems to be because the comment registry range for a executable region is not unregistered when the memory reason is released back to the allocator--patch forthcoming
Comment 1 Joseph Griego 2022-10-18 12:58:33 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/5508
Comment 2 EWS 2022-10-19 08:50:59 PDT 
Committed 255735@main (256a5b87fda9): <https://commits.webkit.org/255735@main>

Reviewed commits have been landed. Closing PR #5508 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2022-10-19 08:51:20 PDT 
<rdar://problem/101339451>