143087 2015-03-26 02:47:49 -0700 2 new test introcuced in r181993 crashes on Linux with enabled FTL JIT 2017-10-18 01:40:16 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED WORKSFORME P2 Normal --- 108645 141174 143605 143822 1 ossy webkit-unassigned cgarcia fpizlo ggaren mark.lam msaboff oliver ossy zan oldest_to_newest 1080239 0 ossy 2015-03-26 02:47:49 -0700 stress/varargs-closure-inlined-exit-strict-mode.js and stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager introduced in the gigantic https://trac.webkit.org/changeset/181993 and fail on AArch64 Linux, maybe on iOS too, but I have no information about it, because there is no public iOS tester bot. stress/varargs-closure-inlined-exit-strict-mode.js fails only in default-ftl mode: ----------------------------------------------------------------------------------- stress/varargs-closure-inlined-exit-strict-mode.js.default-ftl: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble. stress/varargs-closure-inlined-exit-strict-mode.js.default-ftl: Segmentation fault stress/varargs-closure-inlined-exit-strict-mode.js.default-ftl: ERROR: Unexpected exit code: 139 stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager fails only in ftl-eager mode: ------------------------------------------------------------------------------------------- stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble. stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager: Segmentation fault stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager: ERROR: Unexpected exit code: 139 1080392 1 msaboff 2015-03-26 13:37:17 -0700 (In reply to comment #0) > stress/varargs-closure-inlined-exit-strict-mode.js and > stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager > introduced in the gigantic https://trac.webkit.org/changeset/181993 and fail > on AArch64 Linux, maybe on iOS too, > but I have no information about it, because there is no public iOS tester > bot. > > stress/varargs-closure-inlined-exit-strict-mode.js fails only in default-ftl > mode: > ----------------------------------------------------------------------------- > ------ > stress/varargs-closure-inlined-exit-strict-mode.js.default-ftl: Abstract > value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type > outside SpecFullDouble. > stress/varargs-closure-inlined-exit-strict-mode.js.default-ftl: Segmentation > fault > stress/varargs-closure-inlined-exit-strict-mode.js.default-ftl: ERROR: > Unexpected exit code: 139 > > stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager fails only in > ftl-eager mode: > ----------------------------------------------------------------------------- > -------------- > stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager: Abstract value > (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside > SpecFullDouble. > stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager: Segmentation > fault > stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager: ERROR: > Unexpected exit code: 139 These are the new failures we saw on iOS AArch64 after r181993: jsc-layout-tests.yaml/js/script-tests/dfg-arguments-alias.js.layout-ftl jsc-layout-tests.yaml/js/script-tests/dfg-arguments-alias.js.layout-ftl-eager-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-alias.js.layout-ftl-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-mixed-alias.js.layout-ftl jsc-layout-tests.yaml/js/script-tests/dfg-arguments-mixed-alias.js.layout-ftl-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit-multiple-blocks-before-exit.js.layout-ftl jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit-multiple-blocks-before-exit.js.layout-ftl-eager-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit-multiple-blocks-before-exit.js.layout-ftl-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit-multiple-blocks.js.layout-ftl jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit-multiple-blocks.js.layout-ftl-eager-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit-multiple-blocks.js.layout-ftl-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit.js.layout-ftl jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit.js.layout-ftl-eager-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-osr-exit.js.layout-ftl-no-cjit jsc-layout-tests.yaml/js/script-tests/dfg-arguments-unexpected-escape.js.layout-ftl-eager-no-cjit regress/script-tests/deltablue-varargs.js.default-ftl regress/script-tests/deltablue-varargs.js.ftl-eager regress/script-tests/deltablue-varargs.js.ftl-eager-no-cjit regress/script-tests/deltablue-varargs.js.ftl-no-cjit-validate This have since been fixed. 1084309 2 ossy 2015-04-10 08:15:52 -0700 release crash log on Linux X86_64 with LLVM 3.6: stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: Abstract value (CellBytecodedoubleBoolOther, TOP, TOP) for double node has type outside SpecFullDouble. stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 1 0x2b9e7554f7d7 WTFCrash stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 2 0x2b9e75069e6b JSC::DFG::AbstractValue::fixTypeForRepresentation(unsigned int) stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 3 0x2b9e7509d573 JSC::DFG::AbstractInterpreter<JSC::DFG::InPlaceAbstractState>::executeEffects(unsigned int, JSC::DFG::Node*) stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 4 0x2b9e750a0175 bool JSC::DFG::runPhase<JSC::DFG::CFAPhase>(JSC::DFG::Graph&) stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 5 0x2b9e75144588 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 6 0x2b9e75144cf6 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 7 0x2b9e751bec65 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 8 0x2b9e7555d525 stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 9 0x2b9e75583dda stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 10 0x2b9e7592d182 stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: 11 0x2b9e75f4147d clone stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: Segmentation fault (core dumped) stress/varargs-varargs-inlined-exit-strict-mode.js.default-ftl: ERROR: Unexpected exit code: 139 1084319 3 ossy 2015-04-10 09:21:15 -0700 Unfortunately it is impossible to reproduce these crashes in debug mode, so we won't be able to get better backtrace. 1136845 4 ossy 2015-10-27 10:51:17 -0700 stress/varargs-closure-inlined-exit-strict-mode.js.default-ftl passes now, but FTL isn't triggered anymore for this test, so the bug can be still valid. stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-eager passes too, but FTL isn't triggered ... It's strange, I thought FTL is always triggered in "ftl-eager" cases. 1361600 5 zan 2017-10-18 01:40:16 -0700 These failures aren't exhibited anymore.