139246 2014-12-03 17:26:26 -0800 REGRESSION (r176479): DFG ASSERTION beneath emitOSRExitCall running Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation and other tests 2014-12-03 17:59:09 -0800 1 1 1 Unclassified WebKit JavaScriptCore 312.x All All RESOLVED FIXED P2 Normal --- 1 msaboff msaboff oldest_to_newest 1052367 0 msaboff 2014-12-03 17:26:26 -0800 run-javascriptcore-tests --debug internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: DFG ASSERTION FAILED: !(availability.isDead() && m_graph.isLiveInBytecode(VirtualRegister(operand), codeOrigin)) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: /Volumes/Big/ggaren/OpenSource/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp(6562) : void JSC::FTL::LowerDFGToLLVM::buildExitArguments(JSC::FTL::OSRExit &, ExitArgumentList &, JSC::FTL::FormattedValue, JSC::CodeOrigin) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 1 0x1034ae5b0 WTFCrashWithSecurityImplication internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 2 0x102dfd763 JSC::DFG::crash(JSC::DFG::Graph&, WTF::CString const&, char const*, int, char const*, char const*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 3 0x102dfd7db JSC::DFG::Graph::handleAssertionFailure(JSC::DFG::Node*, char const*, int, char const*, char const*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 4 0x102fd23c8 JSC::FTL::LowerDFGToLLVM::buildExitArguments(JSC::FTL::OSRExit&, WTF::Vector<LLVMOpaqueValue*, 16u, WTF::CrashOnOverflow>&, JSC::FTL::FormattedValue, JSC::CodeOrigin) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 5 0x102fd202b JSC::FTL::LowerDFGToLLVM::emitOSRExitCall(JSC::FTL::OSRExit&, JSC::FTL::FormattedValue) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 6 0x102fd1ab1 JSC::FTL::LowerDFGToLLVM::appendOSRExit(JSC::ExitKind, JSC::FTL::FormattedValue, JSC::DFG::Node*, LLVMOpaqueValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 7 0x102fd145c JSC::FTL::LowerDFGToLLVM::appendTypeCheck(JSC::FTL::FormattedValue, JSC::DFG::Edge, unsigned int, LLVMOpaqueValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 8 0x102fd12a3 JSC::FTL::LowerDFGToLLVM::typeCheck(JSC::FTL::FormattedValue, JSC::DFG::Edge, unsigned int, LLVMOpaqueValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 9 0x102fdbe47 JSC::FTL::LowerDFGToLLVM::lowInt32(JSC::DFG::Edge, JSC::DFG::OperandSpePASS: internal-js-tests.yaml/Kraken/json-stringify-tinderbox.js.ftl-no-cjit-osr-validation culationMode) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 10 0x102fe5a2a JSC::FTL::LowerDFGToLLVM::speculateInt32(JSC::DFG::Edge) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 11 0x102fe5320 JSC::FTL::LowerDFGToLLVM::speculate(JSC::DFG::Edge) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 12 0x102ff5599 JSC::FTL::LowerDFGToLLVM::speculate(JSC::DFG::Node*, JSC::DFG::Edge) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 13 0x102facdbd JSC::FTL::LowerDFGToLLVM::compilePhantom() internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 14 0x102faa0c0 JSC::FTL::LowerDFGToLLVM::compileNode(unsigned int) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 15 0x102fa9b11 JSC::FTL::LowerDFGToLLVM::compileBlock(JSC::DFG::BasicBlock*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 16 0x102fa7c68 JSC::FTL::LowerDFGToLLVM::lower() internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 17 0x102fa523e JSC::FTL::lowerDFGToLLVM(JSC::FTL::State&) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 18 0x102e88331 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 19 0x102e87466 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 20 0x102ddf146 JSC::DFG::compileImpl(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 21 0x102ddeb24 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 22 0x102e4efc4 triggerOSREntryNow internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 23 0x4bec0dc0922d internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 24 0x10327ca9b llint_entry internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 25 0x103276519 vmEntryToJavaScript internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 26 0x103102c1a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 27 0x1030e71f1 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 28 0x102c75c60 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 29 0x102af49d6 functionLoad(JSC::ExecState*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 30 0x4bec0dc01034 internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 31 0x10327ca9b llint_entry internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: test_script_92: line 2: 99939 Segmentation fault: 11 "$@" ../../../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --enableFunctionDotArguments\=true --validateFTLOSRExitLiveness\=true --useFTLJIT\=true --enableConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 imaging-gaussian-blur.js internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: ERROR: Unexpected exit code: 139 91/16931 (failed 1) .........................^Cmake: *** wait: Interrupted system call. Stop. 1052375 1 242544 msaboff 2014-12-03 17:55:26 -0800 Created attachment 242544 Patch for landing - reviewed in person. 1052376 2 msaboff 2014-12-03 17:59:09 -0800 Committed r176771: <http://trac.webkit.org/changeset/176771> 242544 2014-12-03 17:55:26 -0800 2014-12-03 17:55:26 -0800 Patch for landing - reviewed in person. 139246.patch text/plain 2048 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTc2NzcwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBA CisyMDE0LTEyLTAzICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIFJFR1JFU1NJT04gKHIxNzY0NzkpOiBERkcgQVNTRVJUSU9OIGJlbmVhdGggZW1pdE9TUkV4 aXRDYWxsIHJ1bm5pbmcgS3Jha2VuL2ltYWdpbmctZ2F1c3NpYW4tYmx1ci5qcy5mdGwtbm8tY2pp dC1vc3ItdmFsaWRhdGlvbiBhbmQgb3RoZXIgdGVzdHMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEzOTI0NgorCisgICAgICAgIFJldmlld2VkIGJ5IEdl b2ZmcmV5IEdhcmVuLgorCisgICAgICAgICogZnRsL0ZUTExvd2VyREZHVG9MTFZNLmNwcDoKKyAg ICAgICAgKEpTQzo6RlRMOjpMb3dlckRGR1RvTExWTTo6YnVpbGRFeGl0QXJndW1lbnRzKToKKyAg ICAgICAgVGhlIERGR19BU1NFUlQgdGhhdCBjaGVja3MgbGl2ZW5lc3MgYXQgZXhpdCB0aW1lIGRv ZXNuJ3QgcHJvcGVybHkKKyAgICAgICAgaGFuZGxlIHRoZSBjYXNlIHdoZXJlIHRoZSBsb2NhbCBp cyBub3QgYXZhaWxhYmxlIGF0IE9TUiBleGl0IHRpbWUsCisgICAgICAgIGJ1dCB0aGUgbG9jYWwg aXMgbGl2ZSBpbiB0aGUgYnl0ZWNvZGUuICBUaGlzIG5vdyBoYXBwZW5zIHdpdGggdGhlCisgICAg ICAgIGFsbG9jYXRlZCBzY29wZSByZWdpc3RlciB3aGVuIHdlIGFyZSBjb21waWxpbmcgZm9yIEZU TEZvck9TUkVudHJ5TW9kZQorICAgICAgICBkdWUgdG8gRENFIGRvbmUgd2hlbiB0aGUgY29udHJv bCBmbG93IHdhcyBjaGFuZ2VkIGFuZCBhIG5ldyBlbnRyeXBvaW50CisgICAgICAgIHdhcyBhZGRl ZCBpbiB0aGUgT1NSIGVudHJ5cG9pbnQgY3JlYXRpb24gcGhhc2UuICBUaGVyZWZvcmUgd2Ugc2ls ZW5jZQorICAgICAgICB0aGUgYXNzZXJ0IHdoZW4gY29tcGlsaW5nIGZvciBGVExGb3JPU1JFbnRy eU1vZGUuCisKIDIwMTQtMTItMDMgIEdlb2ZmcmV5IEdhcmVuICA8Z2dhcmVuQGFwcGxlLmNvbT4K IAogICAgICAgICBSZW1vdmVkIHRoZSBnbG9iYWwgcGFyc2VyIGFyZW5hCkluZGV4OiBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvZnRsL0ZUTExvd2VyREZHVG9MTFZNLmNwcAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBT b3VyY2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZUTExvd2VyREZHVG9MTFZNLmNwcAkocmV2aXNpb24g MTc2NzcwKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2Z0bC9GVExMb3dlckRGR1RvTExWTS5j cHAJKHdvcmtpbmcgY29weSkKQEAgLTY1NTksNyArNjU1OSw3IEBAIHByaXZhdGU6CiAgICAgICAg ICAgICBpZiAoT3B0aW9uczo6dmFsaWRhdGVGVExPU1JFeGl0TGl2ZW5lc3MoKSkgewogICAgICAg ICAgICAgICAgIERGR19BU1NFUlQoCiAgICAgICAgICAgICAgICAgICAgIG1fZ3JhcGgsIG1fbm9k ZSwKLSAgICAgICAgICAgICAgICAgICAgIShhdmFpbGFiaWxpdHkuaXNEZWFkKCkgJiYgbV9ncmFw aC5pc0xpdmVJbkJ5dGVjb2RlKFZpcnR1YWxSZWdpc3RlcihvcGVyYW5kKSwgY29kZU9yaWdpbikp KTsKKyAgICAgICAgICAgICAgICAgICAgKCEoYXZhaWxhYmlsaXR5LmlzRGVhZCgpICYmIG1fZ3Jh cGguaXNMaXZlSW5CeXRlY29kZShWaXJ0dWFsUmVnaXN0ZXIob3BlcmFuZCksIGNvZGVPcmlnaW4p KSkgfHwgbV9ncmFwaC5tX3BsYW4ubW9kZSA9PSBGVExGb3JPU1JFbnRyeU1vZGUpOwogICAgICAg ICAgICAgfQogICAgICAgICAgICAgCiAgICAgICAgICAgICBleGl0Lm1fdmFsdWVzW2ldID0gZXhp dFZhbHVlRm9yQXZhaWxhYmlsaXR5KGFyZ3VtZW50cywgbWFwLCBhdmFpbGFiaWxpdHkpOwo=