Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 256a5b87fda903edfb2bf98dd7293122cc611b08
https://github.com/WebKit/WebKit/commit/256a5b87fda903edfb2bf98dd7293122cc611b08
Author: Joseph Griego <jgri...@igalia.com>
Date: 2022-10-19 (Wed, 19 Oct 2022)
Changed paths:
M Source/JavaScriptCore/jit/ExecutableAllocator.cpp

Log Message:
-----------
[JSC] Fix AssemblyCommentRegistry when not using libpas jit heap
https://bugs.webkit.org/show_bug.cgi?id=246705

Reviewed by Yusuke Suzuki.

On e.g. armv7 linux where the libpas allocator is not used, the assertion enforcing that comment registry regions are disjoint fails. Reproducing the failure is easy:

./WebKitBuild/Debug/bin/jsc --dumpDisassembly=1 JSTests/stress/dfg-branch.js

This results in:

ASSERTION FAILED: newEnd <= thisStart || thisEnd <= newStart
../../Source/JavaScriptCore/assembler/AssemblyComments.h(63) : void JSC::AssemblyCommentRegistry::registerCodeRange(void*, void*, JSC::AssemblyCommentRegistry::CommentMap&&)
Aborted

This seems to be because the comment registry range for an executable region is not unregistered when the memory region is released back to the allocator--this code was added only for the libpas allocator. To fix it, we just need to also unregister regions when using the not-libpas allocator, too.

* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:

Canonical link: https://commits.webkit.org/255735@main
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
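The failure mode the commit describes, a stale range left in a registry after its backing memory has been freed and handed out again, is easy to reproduce in miniature. The following is an added example, not code from WebKit or from this commit: it uses a hypothetical `Registry` with the same disjointness condition the assertion quotes (`newEnd <= thisStart || thisEnd <= newStart`), a constructed `ToyArena` that reuses freed blocks the way a real allocator does, and two release paths, one that forgets to unregister (the bug) and one that unregisters first (the fix). Names, addresses and block sizes are all made up for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a per-range comment registry (not JSC's
// AssemblyCommentRegistry). Each entry owns a half-open [start, end)
// address range plus comments keyed by offset inside it.
using CommentMap = std::map<size_t, std::string>;

struct Registry {
    struct Entry { uintptr_t start; uintptr_t end; CommentMap comments; };
    std::vector<Entry> entries;

    // True when [newStart, newEnd) overlaps a registered range. This is the
    // negation of the disjointness check quoted in the assertion message.
    bool overlapsExisting(uintptr_t newStart, uintptr_t newEnd) const {
        for (const Entry& e : entries) {
            bool disjoint = newEnd <= e.start || e.end <= newStart;
            if (!disjoint)
                return true;
        }
        return false;
    }

    // Returns false where a debug build would instead trip the assertion.
    bool registerCodeRange(uintptr_t start, uintptr_t end, CommentMap&& comments) {
        if (overlapsExisting(start, end))
            return false;
        entries.push_back({start, end, std::move(comments)});
        return true;
    }

    // Drops the entry whose range begins at `start`, if there is one.
    void unregisterCodeRange(uintptr_t start) {
        for (auto it = entries.begin(); it != entries.end(); ++it) {
            if (it->start == start) { entries.erase(it); return; }
        }
    }
};

// Constructed executable-memory arena: a freed block is the first thing
// handed back out, which is what makes a stale entry collide with a new one.
struct ToyArena {
    static constexpr uintptr_t kBase = 0x10000;   // fake base address
    static constexpr size_t kBlockSize = 256;      // fake block size
    std::vector<uintptr_t> freeList;
    uintptr_t next = kBase;

    uintptr_t allocate() {
        if (!freeList.empty()) {
            uintptr_t p = freeList.back();
            freeList.pop_back();
            return p;
        }
        uintptr_t p = next;
        next += kBlockSize;
        return p;
    }
    void release(uintptr_t p) { freeList.push_back(p); }
};

// Buggy release path: memory goes back to the arena, registry keeps the range.
void releaseLeavingRegistration(ToyArena& arena, Registry&, uintptr_t p) {
    arena.release(p);
}

// Fixed release path: unregister the range before returning the memory.
void releaseAndUnregister(ToyArena& arena, Registry& reg, uintptr_t p) {
    reg.unregisterCodeRange(p);
    arena.release(p);
}

// Allocate, register, release, allocate again (same block), register again.
// Returns true if the second registration collides with a stale entry, i.e.
// if the disjointness assertion would have fired.
bool secondRegistrationCollides(bool unregisterOnRelease) {
    ToyArena arena;
    Registry reg;
    uintptr_t first = arena.allocate();
    reg.registerCodeRange(first, first + ToyArena::kBlockSize, {{0, "prologue"}});

    if (unregisterOnRelease)
        releaseAndUnregister(arena, reg, first);
    else
        releaseLeavingRegistration(arena, reg, first);

    uintptr_t second = arena.allocate();   // reuses the block at `first`
    return !reg.registerCodeRange(second, second + ToyArena::kBlockSize, {{0, "prologue"}});
}

int main() {
    std::cout << "release without unregister: collision=" << secondRegistrationCollides(false) << "\n";
    std::cout << "release with unregister:    collision=" << secondRegistrationCollides(true) << "\n";
    return 0;
}
```

The point to take from it is that the registry and the allocator are two bookkeeping structures for the same address space, and the invariant (registered ranges are disjoint) only holds if every release path keeps them in step; a debug assertion like the one in the commit is what catches the path that does not.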