Bug 273120 - REGRESSION(277770@main): [WASM][Debug] ASSERTION FAILED: v <= 0
Summary: REGRESSION(277770@main): [WASM][Debug] ASSERTION FAILED: v <= 0
Status: RESOLVED DUPLICATE of bug 273048
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-23 04:26 PDT by Vitaly Dyackhov
Modified: 2024-04-23 08:57 PDT (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vitaly Dyackhov 2024-04-23 04:26:00 PDT 
Stack trace:
```
#0  WTFCrash() () at /home/vitaly/WebKit/Source/WTF/wtf/Assertions.cpp:353
#1  0x00007fda14f9b4f2 in WTFCrashWithInfo(int, char const*, char const*, int) () at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/Assertions.h:862
#2  0x00007fda163a1d44 in WTF::negate<int>(int) (v=1) at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/WTF/Headers/wtf/MathExtras.h:787
#3  0x00007fda16edf1de in JSC::MacroAssemblerX86Common::sub32(JSC::X86Registers::RegisterID, JSC::AbstractMacroAssembler<JSC::X86Assembler>::TrustedImm32, JSC::X86Registers::RegisterID) (this=0x7fffa80b1630, src=JSC::X86Registers::esi, imm=..., dest=JSC::X86Registers::eax) at /home/vitaly/WebKit/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:908
#4  0x00007fda1738b4c0 in JSC::MacroAssembler::sub32(JSC::X86Registers::RegisterID, JSC::AbstractMacroAssembler<JSC::X86Assembler>::Imm32, JSC::X86Registers::RegisterID) (this=0x7fffa80b1630, src=JSC::X86Registers::esi, imm=..., dest=JSC::X86Registers::eax) at /home/vitaly/WebKit/Source/JavaScriptCore/assembler/MacroAssembler.h:2167
#5  0x00007fda173a3bf0 in JSC::Yarr::YarrGenerator<JSC::Yarr::YarrJITDefaultRegisters>::generate() (this=0x7fffa80b1770) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:2752
#6  0x00007fda17398607 in JSC::Yarr::YarrGenerator<JSC::Yarr::YarrJITDefaultRegisters>::compile(JSC::Yarr::YarrCodeBlock&) (this=0x7fffa80b1770, codeBlock=...) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:4786
#7  0x00007fda17394a72 in JSC::Yarr::jitCompile(JSC::Yarr::YarrPattern&, WTF::StringView, JSC::Yarr::CharSize, std::optional<WTF::StringView>, JSC::VM*, JSC::Yarr::YarrCodeBlock&, JSC::Yarr::JITCompileMode) (pattern=..., patternString=..., charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}, vm=0x7fd9a9400000, codeBlock=..., mode=JSC::Yarr::JITCompileMode::IncludeSubpatterns) at /home/vitaly/WebKit/Source/JavaScriptCore/yarr/YarrJIT.cpp:5351
#8  0x00007fda16d4e448 in JSC::RegExp::compile(JSC::VM*, JSC::Yarr::CharSize, std::optional<WTF::StringView>) (this=0x7fda032e9498, vm=0x7fd9a9400000, charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExp.cpp:258
#9  0x00007fda15bc1219 in JSC::RegExp::compileIfNecessary(JSC::VM&, JSC::Yarr::CharSize, std::optional<WTF::StringView>) (this=0x7fda032e9498, vm=..., charSize=JSC::Yarr::CharSize::Char8, sampleString=std::optional<WTF::StringView> = {...}) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpInlines.h:103
#10 0x00007fda16d558ad in JSC::RegExp::matchInline<WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, (JSC::Yarr::MatchFrom)0>(JSC::JSGlobalObject*, JSC::VM&, WTF::String const&, unsigned int, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) (this=0x7fda032e9498, nullOrGlobalObject=0x7fd9a9159088, vm=..., s=..., startOffset=0, ovector=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpInlines.h:114
#11 0x00007fda16d4e615 in JSC::RegExp::match(JSC::JSGlobalObject*, WTF::String const&, unsigned int, WTF::Vector<int, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) (this=0x7fda032e9498, globalObject=0x7fd9a9159088, s=..., startOffset=0, ovector=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExp.cpp:281
#12 0x00007fda16d60838 in JSC::RegExpGlobalData::performMatch(JSC::JSGlobalObject*, JSC::RegExp*, JSC::JSString*, WTF::String const&, int, int**) (this=0x7fd9a91598a8, owner=0x7fd9a9159088, regExp=0x7fda032e9498, string=0x7fd9a93301a0, input=..., startOffset=0, ovector=0x7fffa80b4ea8) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/RegExpGlobalDataInlines.h:56
#13 0x00007fda16da6b03 in JSC::replaceUsingRegExpSearch(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*, JSC::JSValue, JSC::CallData const&, WTF::String&, JSC::JSValue) (vm=..., globalObject=0x7fd9a9159088, string=0x7fd9a93301a0, searchValue=..., callData=..., replacementString=..., replaceValue=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:659
#14 0x00007fda16da85aa in JSC::replaceUsingRegExpSearch(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*, JSC::JSValue, JSC::JSValue) (vm=..., globalObject=0x7fd9a9159088, string=0x7fd9a93301a0, searchValue=..., replaceValue=...) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:819
#15 0x00007fda16da93c0 in JSC::stringProtoFuncReplaceUsingRegExp(JSC::JSGlobalObject*, JSC::CallFrame*) (globalObject=0x7fd9a9159088, callFrame=0x7fffa80b53d0) at /home/vitaly/WebKit/Source/JavaScriptCore/runtime/StringPrototype.cpp:906
#16 0x00007fd8a7e0c038 in  ()
#17 0x00007fffa80b5480 in  ()
#18 0x00007fda14f558fa in op_call_return_location () at /home/vitaly/WebKit/WebKitBuild/GTK/Debug/lib/libjavascriptcoregtk-6.0.so.1
```
Comment 1 Vitaly Dyackhov 2024-04-23 04:32:29 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/27627
Comment 2 Alexey Proskuryakov 2024-04-23 08:57:04 PDT 

*** This bug has been marked as a duplicate of bug 273048 ***