156292 2016-04-06 09:31:02 -0700 32-bit JSC stress/multi-put-by-offset-multiple-transitions.js failing 2016-04-06 18:44:44 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 ryanhaddad fpizlo commit-queue fpizlo keith_miller mark.lam msaboff saam oldest_to_newest 1181265 0 ryanhaddad 2016-04-06 09:31:02 -0700 JSC stress/multi-put-by-offset-multiple-transitions.js failing <https://build.webkit.org/builders/Apple%20El%20Capitan%2032-bit%20JSC%20%28BuildAndTest%29/builds/2006/steps/webkit-32bit-jsc-test/logs/stdio> ** The following JSC stress test failures have been introduced: stress/multi-put-by-offset-multiple-transitions.js.always-trigger-copy-phase stress/multi-put-by-offset-multiple-transitions.js.default stress/multi-put-by-offset-multiple-transitions.js.default-ftl stress/multi-put-by-offset-multiple-transitions.js.dfg-eager stress/multi-put-by-offset-multiple-transitions.js.dfg-eager-no-cjit-validate stress/multi-put-by-offset-multiple-transitions.js.dfg-maximal-flush-validate-no-cjit stress/multi-put-by-offset-multiple-transitions.js.ftl-eager stress/multi-put-by-offset-multiple-transitions.js.ftl-eager-no-cjit stress/multi-put-by-offset-multiple-transitions.js.ftl-no-cjit-no-put-stack-validate stress/multi-put-by-offset-multiple-transitions.js.ftl-no-cjit-small-pool stress/multi-put-by-offset-multiple-transitions.js.ftl-no-cjit-validate-sampling-profiler stress/multi-put-by-offset-multiple-transitions.js.no-cjit-validate-phases stress/multi-put-by-offset-multiple-transitions.js.no-llint stress/multi-put-by-offset-multiple-transitions.js.default: ASSERTION FAILED: codeBlock->canGetCodeOrigin(index) stress/multi-put-by-offset-multiple-transitions.js.default: /Volumes/Data/slave/elcapitan-32bitJSC-debug/build/Source/JavaScriptCore/interpreter/StackVisitor.cpp(114) : void JSC::StackVisitor::readFrame(CallFrame *) stress/multi-put-by-offset-multiple-transitions.js.default: 1 0xe4707d WTFCrash stress/multi-put-by-offset-multiple-transitions.js.default: 2 0xd4f180 JSC::StackVisitor::readFrame(JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 3 0xd4effd JSC::StackVisitor::StackVisitor(JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 4 0xd4f364 JSC::StackVisitor::StackVisitor(JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 5 0xa7c014 void JSC::StackVisitor::visit<JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1>(JSC::ExecState*, JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1 const&) stress/multi-put-by-offset-multiple-transitions.js.default: 6 0xa7bc83 JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 7 0x7ef056 JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, int (&) [18]) stress/multi-put-by-offset-multiple-transitions.js.default: 8 0x7eee2e JSC::Heap::collect(JSC::HeapOperation) stress/multi-put-by-offset-multiple-transitions.js.default: 9 0x16de76 JSC::Heap::collectIfNecessaryOrDefer() stress/multi-put-by-offset-multiple-transitions.js.default: 10 0x16dd95 JSC::Heap::decrementDeferralDepthAndGCIfNeeded() stress/multi-put-by-offset-multiple-transitions.js.default: 11 0x16dd69 JSC::DeferGC::~DeferGC() stress/multi-put-by-offset-multiple-transitions.js.default: 12 0x16c267 JSC::DeferGC::~DeferGC() stress/multi-put-by-offset-multiple-transitions.js.default: 13 0x184fbe JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM&, unsigned int, JSC::Structure*) stress/multi-put-by-offset-multiple-transitions.js.default: 14 0x18491b JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM&, JSC::Structure*) stress/multi-put-by-offset-multiple-transitions.js.default: 15 0x93ea3e operationReallocateStorageAndFinishPut stress/multi-put-by-offset-multiple-transitions.js.default: 16 0x295d567 stress/multi-put-by-offset-multiple-transitions.js.default: 17 0x2960436 stress/multi-put-by-offset-multiple-transitions.js.default: 18 0xb2185c vmEntryToJavaScript stress/multi-put-by-offset-multiple-transitions.js.default: 19 0x928e82 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) stress/multi-put-by-offset-multiple-transitions.js.default: 20 0x8db0c9 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) stress/multi-put-by-offset-multiple-transitions.js.default: 21 0x2f8c48 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) stress/multi-put-by-offset-multiple-transitions.js.default: 22 0xc3cdc runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, bool, bool) stress/multi-put-by-offset-multiple-transitions.js.default: 23 0xc30ef runJSC(JSC::VM*, CommandLine) stress/multi-put-by-offset-multiple-transitions.js.default: 24 0xc246a jscmain(int, char**) stress/multi-put-by-offset-multiple-transitions.js.default: 25 0xc22f6 main stress/multi-put-by-offset-multiple-transitions.js.default: 26 0x9633d6ad start stress/multi-put-by-offset-multiple-transitions.js.default: test_script_15870: line 2: 43021 Segmentation fault: 11 ( "$@" ../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true multi-put-by-offset-multiple-transitions.js ) 1181266 1 ryanhaddad 2016-04-06 09:32:39 -0700 The two JSC changes in the first failing run were <https://trac.webkit.org/changeset/199073> and <https://trac.webkit.org/changeset/199075>. r199073 was rolled out in r199084 for an unrelated reason, but the tests are still failing. 1181469 2 ryanhaddad 2016-04-06 17:11:47 -0700 Filip, is this something you can look at soon or should we go ahead and roll out r199075? 1181505 3 fpizlo 2016-04-06 18:15:43 -0700 This is going to be an easy fix. The code leading up to the call to operationReallocateStorageAndFinishPut doesn't stash the callsite index. 1181506 4 fpizlo 2016-04-06 18:15:58 -0700 (I have a fix, testing locally.) 1181511 5 275843 fpizlo 2016-04-06 18:34:46 -0700 Created attachment 275843 the patch 1181515 6 fpizlo 2016-04-06 18:44:44 -0700 Landed in http://trac.webkit.org/changeset/199132 275843 2016-04-06 18:34:46 -0700 2016-04-06 18:38:29 -0700 the patch blah.patch text/plain 1599 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTk5MTMwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBA CisyMDE2LTA0LTA2ICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg MzItYml0IEpTQyBzdHJlc3MvbXVsdGktcHV0LWJ5LW9mZnNldC1tdWx0aXBsZS10cmFuc2l0aW9u cy5qcyBmYWlsaW5nCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0xNTYyOTIKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBNYWtlIHN1cmUgdGhhdCB3ZSBzdGFzaCB0aGUgY2FsbHNpdGUgaW5kZXggYmVmb3JlIGNh bGxpbmcgb3BlcmF0aW9uUmVhbGxvY2F0ZVN0b3JhZ2VBbmRGaW5pc2hQdXQuCisKKyAgICAgICAg KiBieXRlY29kZS9Qb2x5bW9ycGhpY0FjY2Vzcy5jcHA6CisgICAgICAgIChKU0M6OkFjY2Vzc0Nh c2U6OmdlbmVyYXRlKToKKwogMjAxNi0wNC0wNiAgRmlsaXAgUGl6bG8gIDxmcGl6bG9AYXBwbGUu Y29tPgogCiAgICAgICAgIEpTQyB0ZXN0IHN0cmVzcy9hcnJvd2Z1bmN0aW9uLWxleGljYWwtYmlu ZC1zdXBlcnByb3BlcnR5LmpzIGZhaWxpbmcKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9i eXRlY29kZS9Qb2x5bW9ycGhpY0FjY2Vzcy5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFT Y3JpcHRDb3JlL2J5dGVjb2RlL1BvbHltb3JwaGljQWNjZXNzLmNwcAkocmV2aXNpb24gMTk5MTI4 KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb2RlL1BvbHltb3JwaGljQWNjZXNzLmNw cAkod29ya2luZyBjb3B5KQpAQCAtMTE4OSw2ICsxMTg5LDkgQEAgdm9pZCBBY2Nlc3NDYXNlOjpn ZW5lcmF0ZShBY2Nlc3NHZW5lcmF0aQogICAgICAgICAgICAgYWxsb2NhdG9yLnByZXNlcnZlVXNl ZFJlZ2lzdGVyc1RvU2NyYXRjaEJ1ZmZlckZvckNhbGwoaml0LCBzY3JhdGNoQnVmZmVyLCBzY3Jh dGNoR1BSKTsKICAgICAgICAgICAgIGlmIChuZWVkc1RvTWFrZVJvb21PblN0YWNrRm9yQ0NhbGwp CiAgICAgICAgICAgICAgICAgaml0Lm1ha2VTcGFjZU9uU3RhY2tGb3JDQ2FsbCgpOworICAgICAg ICAgICAgaml0LnN0b3JlMzIoCisgICAgICAgICAgICAgICAgQ0NhbGxIZWxwZXJzOjpUcnVzdGVk SW1tMzIoc3RhdGUub3JpZ2luYWxDYWxsU2l0ZUluZGV4KCkuYml0cygpKSwKKyAgICAgICAgICAg ICAgICBDQ2FsbEhlbHBlcnM6OnRhZ0ZvcihzdGF0aWNfY2FzdDxWaXJ0dWFsUmVnaXN0ZXI+KEpT U3RhY2s6OkFyZ3VtZW50Q291bnQpKSk7CiAjaWYgVVNFKEpTVkFMVUU2NCkKICAgICAgICAgICAg IGppdC5zZXR1cEFyZ3VtZW50c1dpdGhFeGVjU3RhdGUoCiAgICAgICAgICAgICAgICAgYmFzZUdQ UiwK