142030 2015-02-25 17:18:40 -0800 REGRESSION(r180595): construct varargs fails in FTL 2015-03-06 17:45:11 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 108645 1 rniwa rniwa akiss commit-queue ddkilzer fpizlo ggaren msaboff ossy oldest_to_newest 1072214 0 rniwa 2015-02-25 17:18:40 -0800 After http://trac.webkit.org/changeset/180595, construct varargs fails in FTL with a following error: Failed to insert inline cache for varargs call (specifically, ConstructVarargs) because we thought the size would be 284 but it ended up being 300 prior to compaction. 1072215 1 247371 rniwa 2015-02-25 17:21:04 -0800 Created attachment 247371 Fixes the bug 1072216 2 247371 ggaren 2015-02-25 17:22:23 -0800 Comment on attachment 247371 Fixes the bug r=me 1072217 3 rniwa 2015-02-25 17:24:48 -0800 Committed r180651: <http://trac.webkit.org/changeset/180651> 1072261 4 ddkilzer 2015-02-25 19:07:51 -0800 Can we construct a COMPILE_ASSERT() here that will fail if we change the size of construct_varargs again? 1072262 5 fpizlo 2015-02-25 19:10:14 -0800 (In reply to comment #4) > Can we construct a COMPILE_ASSERT() here that will fail if we change the > size of construct_varargs again? No. The sizes of machine code snippets arise dynamically and cannot be computed at compile time. The right solution is for LLVM to give us a resizable patchpoint. 1072380 6 msaboff 2015-02-26 07:54:18 -0800 Looks like there is still an issue on ARM64 iOS. This is intermittent, probably due to whether or not we tier up to the FTL. Test Failures r180666 r180667 regress/script-tests/deltablue-varargs.js.ftl-eager Passed Failed [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: Failed to insert inline cache for varargs call (specifically, CallVarargs) because we thought the size would be 300 but it ended up being 332 prior to compaction. [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 1 0x100211be0 JSC::FTL::compile(JSC::FTL::State&, JSC::DFG::Safepoint::Result&) [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 2 0x1001888bc JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 3 0x100188004 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 4 0x100202ed4 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 5 0x100527330 WTF::threadEntryPoint(void*) [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 6 0x100527778 WTF::wtfThreadEntryPoint(void*) [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 7 0x1977efe5c <redacted> [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 8 0x1977efdbc <redacted> [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: 9 0x1977ecfc4 thread_start [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: ./test_script_4260: line 2: 79433 Segmentation fault: 11 "$@" /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --enableFunctionDotArguments\=true --useFTLJIT\=true --thresholdForJITAfterWarmUp\=10 --thresholdForJITSoon\=10 --thresholdForOptimizeAfterWarmUp\=20 --thresholdForOptimizeAfterLongWarmUp\=20 --thresholdForOptimizeSoon\=20 --thresholdForFTLOptimizeAfterWarmUp\=20 --thresholdForFTLOptimizeSoon\=20 --maximumEvalCacheableSourceLength\=150000 deltablue-varargs.js [2015-02-26 06:01:59] INFO: regress/script-tests/deltablue-varargs.js.ftl-eager: ERROR: Unexpected exit code: 139 [2015-02-26 06:01:59] ERROR: FAIL: regress/script-tests/deltablue-varargs.js.ftl-eager 1074033 7 ossy 2015-03-04 03:08:04 -0800 Still valid on Aarch64 Linux too: 5 test run, number of failures: 1 FAIL: regress/script-tests/deltablue-varargs.js.default-ftl 1 FAIL: regress/script-tests/deltablue-varargs.js.dfg-eager-no-cjit-validate 1 FAIL: regress/script-tests/deltablue-varargs.js.ftl-eager-no-cjit 1 FAIL: regress/script-tests/deltablue-varargs.js.ftl-no-cjit-validate 1 FAIL: regress/script-tests/deltablue-varargs.js.ftl-no-cjit-no-inline-validate 6 FAIL: regress/script-tests/deltablue-varargs.js.ftl-eager $ cat deltablue-varargs.js.ftl-eager.out Failed to insert inline cache for varargs call (specifically, CallVarargs) because we thought the size would be 300 but it ended up being 332 prior to compaction. Segmentation fault $ cat deltablue-varargs.js.ftl-no-cjit-validate.out Timed out after 240.000000 seconds! Segmentation fault 1074037 8 ossy 2015-03-04 03:34:30 -0800 deltablue-varargs.js is skipped on iOS from the beggining - r180279 : //@ skip if $architecture == "arm" and $hostOS == "darwin" 1075160 9 248114 rniwa 2015-03-06 16:49:26 -0800 Created attachment 248114 Fix 2 1075161 10 248114 msaboff 2015-03-06 16:50:20 -0800 Comment on attachment 248114 Fix 2 r=me 1075172 11 248114 commit-queue 2015-03-06 17:39:29 -0800 Comment on attachment 248114 Fix 2 Clearing flags on attachment: 248114 Committed r181195: <http://trac.webkit.org/changeset/181195> 247371 2015-02-25 17:21:04 -0800 2015-02-25 17:22:23 -0800 Fixes the bug bug-142030-20150225172051.patch text/plain 1287 rniwa SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTgwNjUwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBA CisyMDE1LTAyLTI1ICBSeW9zdWtlIE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAg IFJFR1JFU1NJT04ocjE4MDU5NSk6IGNvbnN0cnVjdCB2YXJhcmdzIGZhaWxzIGluIEZUTAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQyMDMwCisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGhlIGJ1ZyB3YXMg Y2F1c2VkIGJ5IElDIHNpemUgYmVpbmcgdG9vIHNtYWxsIGZvciBjb25zdHJ1Y3RfdmFyYXJncyBl dmVuIHRob3VnaCB3ZSd2ZSBhZGRlZCBhIG5ldyBhcmd1bWVudC4KKyAgICAgICAgRml4ZWQgdGhl IGJ1ZyBieSBpbmNyZWFzaW5nIHRoZSBJQyBzaXplIHRvIG1hdGNoIGNhbGxfdmFyYXJncy4KKwor ICAgICAgICAqIGZ0bC9GVExJbmxpbmVDYWNoZVNpemUuY3BwOgorICAgICAgICAoSlNDOjpGVEw6 OnNpemVPZkNvbnN0cnVjdFZhcmFyZ3MpOgorCiAyMDE1LTAyLTI1ICBNYXJrIExhbSAgPG1hcmsu bGFtQGFwcGxlLmNvbT4KIAogICAgICAgICBBU2FuIGRvZXMgbm90IGxpa2UgSlNDOjpNYWNoaW5l VGhyZWFkczo6dHJ5Q29weU90aGVyVGhyZWFkU3RhY2suCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlw dENvcmUvZnRsL0ZUTElubGluZUNhY2hlU2l6ZS5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0ph dmFTY3JpcHRDb3JlL2Z0bC9GVExJbmxpbmVDYWNoZVNpemUuY3BwCShyZXZpc2lvbiAxODA2MzIp CisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZUTElubGluZUNhY2hlU2l6ZS5jcHAJKHdv cmtpbmcgY29weSkKQEAgLTk0LDkgKzk0LDkgQEAgc2l6ZV90IHNpemVPZkNhbGxGb3J3YXJkVmFy YXJncygpCiBzaXplX3Qgc2l6ZU9mQ29uc3RydWN0VmFyYXJncygpCiB7CiAjaWYgQ1BVKEFSTTY0 KQotICAgIHJldHVybiAyODQ7CisgICAgcmV0dXJuIDMwMDsKICNlbHNlCi0gICAgcmV0dXJuIDI1 MzsKKyAgICByZXR1cm4gMjc1OwogI2VuZGlmCiB9CiAK 248114 2015-03-06 16:49:26 -0800 2015-03-06 17:39:29 -0800 Fix 2 fix142030b.patch text/plain 2217 rniwa SW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9D aGFuZ2VMb2cJKHJldmlzaW9uIDE4MTE5MikKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29y a2luZyBjb3B5KQpAQCAtMSwzICsxLDE0IEBACisyMDE1LTAzLTA2ICBSeW9zdWtlIE5pd2EgIDxy bml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIFJFR1JFU1NJT04ocjE4MDU5NSk6IGNvbnN0cnVj dCB2YXJhcmdzIGZhaWxzIGluIEZUTAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTQyMDMwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgUmUtZW5hYmxlIHRoZSB0ZXN0IG9uIDY0LWJpdCBpT1MuCisKKyAgICAg ICAgKiBqcy9yZWdyZXNzL3NjcmlwdC10ZXN0cy9kZWx0YWJsdWUtdmFyYXJncy5qczoKKwogMjAx NS0wMy0wNiAgRGVhbiBKYWNrc29uICA8ZGlub0BhcHBsZS5jb20+CiAKICAgICAgICAgU3VwcG9y dCAicGx1cy1saWdodGVyIiBpbiBtaXgtYmxlbmQgbW9kZQpJbmRleDogTGF5b3V0VGVzdHMvanMv cmVncmVzcy9zY3JpcHQtdGVzdHMvZGVsdGFibHVlLXZhcmFyZ3MuanMKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g TGF5b3V0VGVzdHMvanMvcmVncmVzcy9zY3JpcHQtdGVzdHMvZGVsdGFibHVlLXZhcmFyZ3MuanMJ KHJldmlzaW9uIDE4MTEyMCkKKysrIExheW91dFRlc3RzL2pzL3JlZ3Jlc3Mvc2NyaXB0LXRlc3Rz L2RlbHRhYmx1ZS12YXJhcmdzLmpzCSh3b3JraW5nIGNvcHkpCkBAIC0xLDQgKzEsMyBAQAotLy9A IHNraXAgaWYgJGFyY2hpdGVjdHVyZSA9PSAiYXJtIiBhbmQgJGhvc3RPUyA9PSAiZGFyd2luIgog Ly8gQ29weXJpZ2h0IDIwMDggdGhlIFY4IHByb2plY3QgYXV0aG9ycy4gQWxsIHJpZ2h0cyByZXNl cnZlZC4KIC8vIENvcHlyaWdodCAxOTk2IEpvaG4gTWFsb25leSBhbmQgTWFyaW8gV29sY3prby4K IApJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBT b3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCShyZXZpc2lvbiAxODExOTIpCisrKyBTb3Vy Y2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUg QEAKKzIwMTUtMDMtMDYgIFJ5b3N1a2UgTml3YSAgPHJuaXdhQHdlYmtpdC5vcmc+CisKKyAgICAg ICAgUkVHUkVTU0lPTihyMTgwNTk1KTogY29uc3RydWN0IHZhcmFyZ3MgZmFpbHMgaW4gRlRMCisg ICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDIwMzAKKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJbmNyZWFzZSBz aXplT2ZDYWxsVmFyYXJncyBhcyBkb25lIGZvciBzaXplT2ZDb25zdHJ1Y3RWYXJhcmdzIGluIHIx ODA2NTEuCisKKyAgICAgICAgKiBmdGwvRlRMSW5saW5lQ2FjaGVTaXplLmNwcDoKKyAgICAgICAg KEpTQzo6RlRMOjpzaXplT2ZDYWxsVmFyYXJncyk6CisKIDIwMTUtMDMtMDYgIEpvc2VwaCBQZWNv cmFybyAgPHBlY29yYXJvQGFwcGxlLmNvbT4KIAogICAgICAgICBXZWIgSW5zcGVjdG9yOiBBZG9w dCBPYmplY3QgTGl0ZXJhbCBTaG9ydGhhbmQgUHJvcGVydHkgQ29uc3RydWN0aW9uIFN5bnRheApJ bmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2Z0bC9GVExJbmxpbmVDYWNoZVNpemUuY3BwCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMSW5saW5lQ2FjaGVTaXpl LmNwcAkocmV2aXNpb24gMTgxMTIwKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2Z0bC9GVExJ bmxpbmVDYWNoZVNpemUuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC03Niw3ICs3Niw3IEBACiBzaXpl X3Qgc2l6ZU9mQ2FsbFZhcmFyZ3MoKQogewogI2lmIENQVShBUk02NCkKLSAgICByZXR1cm4gMzAw OworICAgIHJldHVybiAzMzI7CiAjZWxzZQogICAgIHJldHVybiAyNzU7CiAjZW5kaWYK