171516 2017-05-01 15:24:16 -0700 32-bit JSC test failing: stress/js-fixed-array-out-of-memory.js.default 2017-05-02 10:55:56 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=171404 P2 Normal --- 1 ryanhaddad mark.lam fpizlo ggaren jfbastien keith_miller mark.lam msaboff saam oldest_to_newest 1303437 0 ryanhaddad 2017-05-01 15:24:16 -0700 32-bit JSC test failing: stress/js-fixed-array-out-of-memory.js.default stress/js-fixed-array-out-of-memory.js.default: 1 0x128ab8a WTFCrash stress/js-fixed-array-out-of-memory.js.default: 2 0x30d20b WTF::CrashOnOverflow::crash() stress/js-fixed-array-out-of-memory.js.default: 3 0x30d1db WTF::CrashOnOverflow::overflowed() stress/js-fixed-array-out-of-memory.js.default: 4 0x310900 WTF::Checked<unsigned long, WTF::CrashOnOverflow>::Checked<unsigned long>(unsigned long) stress/js-fixed-array-out-of-memory.js.default: 5 0x310834 WTF::Checked<unsigned long, WTF::CrashOnOverflow>::Checked(WTF::ResultOverflowedTag) stress/js-fixed-array-out-of-memory.js.default: 6 0x50d3fd WTF::Checked<WTF::Result<unsigned long, unsigned long>::ResultType, WTF::CrashOnOverflow> WTF::operator*<unsigned long, unsigned long, WTF::CrashOnOverflow>(WTF::Checked<unsigned long, WTF::CrashOnOverflow>, WTF::Checked<unsigned long, WTF::CrashOnOverflow>) stress/js-fixed-array-out-of-memory.js.default: 7 0x50d1dc WTF::Checked<WTF::Result<unsigned long, unsigned long>::ResultType, WTF::CrashOnOverflow> WTF::operator*<unsigned long, unsigned long, WTF::CrashOnOverflow>(WTF::Checked<unsigned long, WTF::CrashOnOverflow>, unsigned long) stress/js-fixed-array-out-of-memory.js.default: 8 0x5132ab JSC::JSFixedArray::allocationSize(WTF::Checked<unsigned long, WTF::CrashOnOverflow>) stress/js-fixed-array-out-of-memory.js.default: 9 0x513062 JSC::JSFixedArray::tryCreate(JSC::VM&, JSC::Structure*, unsigned int) stress/js-fixed-array-out-of-memory.js.default: 10 0x50c56e JSC::JSFixedArray::createFromArray(JSC::ExecState*, JSC::VM&, JSC::JSArray*) stress/js-fixed-array-out-of-memory.js.default: 11 0x50bfd3 slow_path_spread stress/js-fixed-array-out-of-memory.js.default: 12 0xeb2274 llint_entry stress/js-fixed-array-out-of-memory.js.default: 13 0xeb308a llint_entry stress/js-fixed-array-out-of-memory.js.default: 14 0xead94c vmEntryToJavaScript stress/js-fixed-array-out-of-memory.js.default: 15 0xc75078 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) stress/js-fixed-array-out-of-memory.js.default: 16 0xc19ba2 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) stress/js-fixed-array-out-of-memory.js.default: 17 0x514d65 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) stress/js-fixed-array-out-of-memory.js.default: 18 0xd2983 runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::String const&, bool, bool, bool) stress/js-fixed-array-out-of-memory.js.default: 19 0x8e247 jscmain(int, char**)::$_7::operator()(JSC::VM&, GlobalObject*) const stress/js-fixed-array-out-of-memory.js.default: 20 0x7dedf int runJSC<jscmain(int, char**)::$_7>(CommandLine, jscmain(int, char**)::$_7 const&) stress/js-fixed-array-out-of-memory.js.default: 21 0x7c85e jscmain(int, char**) stress/js-fixed-array-out-of-memory.js.default: 22 0x7c797 main stress/js-fixed-array-out-of-memory.js.default: 23 0xa1692395 start stress/js-fixed-array-out-of-memory.js.default: test_script_4864: line 2: 30673 Segmentation fault: 11 ( "$@" ../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --maxPerThreadStackUsage\=1572864 --useFTLJIT\=true --maxSingleAllocationSize\=1048576 js-fixed-array-out-of-memory.js ) stress/js-fixed-array-out-of-memory.js.default: ERROR: Unexpected exit code: 139 FAIL: stress/js-fixed-array-out-of-memory.js.default https://build.webkit.org/builders/Apple%20Sierra%2032-bit%20JSC%20%28BuildAndTest%29/builds/486 1303700 1 308830 mark.lam 2017-05-02 10:24:56 -0700 Created attachment 308830 proposed patch. 1303715 2 308830 ggaren 2017-05-02 10:45:11 -0700 Comment on attachment 308830 proposed patch. r=me 1303719 3 mark.lam 2017-05-02 10:55:56 -0700 Thanks for the review. Landed in r216076: <http://trac.webkit.org/r216076>. 308830 2017-05-02 10:24:56 -0700 2017-05-02 10:45:11 -0700 proposed patch. bug-171516.patch text/plain 2423 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjE2MDczKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIxIEBA CisyMDE3LTA1LTAyICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBK U0ZpeGVkQXJyYXk6OmFsbG9jYXRpb25TaXplKCkgc2hvdWxkIG5vdCBhbGxvdyBmb3IgYWxsb2Nh dGlvbiBmYWlsdXJlLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9MTcxNTE2CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgU2luY2UgSlNGaXhlZEFycmF5OjpjcmVhdGVGcm9tQXJyYXkoKSBub3cgaGFuZGxlcyBh bGxvY2F0aW9uIGZhaWx1cmVzIGJ5IHRocm93aW5nCisgICAgICAgIE91dE9mTWVtb3J5RXJyb3Jz LCBpdHMgaGVscGVyIGZ1bmN0aW9uIGFsbG9jYXRpb25TaXplKCkgKHdoaWNoIGNvbXB1dGVzIHRo ZSBidWZmZXIKKyAgICAgICAgc2l6ZSB0byBhbGxvY2F0ZSkgc2hvdWxkIGFsc28gYWxsb3cgZm9y IGFsbG9jYXRpb24gZmFpbHVyZSBvbiBvdmVyZmxvdy4KKworICAgICAgICBUaGlzIGlzc3VlIGlz IGNvdmVyZWQgYnkgdGhlIHN0cmVzcy9qcy1maXhlZC1hcnJheS1vdXQtb2YtbWVtb3J5LmpzIHRl c3Qgd2hlbgorICAgICAgICBydW4gb24gMzItYml0IGJ1aWxkcy4KKworICAgICAgICAqIHJ1bnRp bWUvSlNGaXhlZEFycmF5Lmg6CisgICAgICAgIChKU0M6OkpTRml4ZWRBcnJheTo6dHJ5Q3JlYXRl KToKKyAgICAgICAgKEpTQzo6SlNGaXhlZEFycmF5OjphbGxvY2F0aW9uU2l6ZSk6CisKIDIwMTct MDUtMDEgIFphbiBEb2JlcnNlayAgPHpkb2JlcnNla0BpZ2FsaWEuY29tPgogCiAgICAgICAgIFth YXJjaDY0XVtMaW51eF0gbV9hbGxvd1NjcmF0Y2hSZWdpc3RlciBhc3NlcnQgaGl0IGluIE1hY3Jv QXNzZW1ibGVyQVJNNjQgdW5kZXIgQjM6OkFpcjo6Q0NhbGxTcGVjaWFsOjpnZW5lcmF0ZSgpCklu ZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0ZpeGVkQXJyYXkuaAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0ZpeGVkQXJyYXkuaAkocmV2 aXNpb24gMjE2MDcwKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNGaXhlZEFy cmF5LmgJKHdvcmtpbmcgY29weSkKQEAgLTEyMiw3ICsxMjIsMTEgQEAgcHJpdmF0ZToKIAogICAg IEFMV0FZU19JTkxJTkUgc3RhdGljIEpTRml4ZWRBcnJheSogdHJ5Q3JlYXRlKFZNJiB2bSwgU3Ry dWN0dXJlKiBzdHJ1Y3R1cmUsIHVuc2lnbmVkIHNpemUpCiAgICAgewotICAgICAgICB2b2lkKiBi dWZmZXIgPSB0cnlBbGxvY2F0ZUNlbGw8SlNGaXhlZEFycmF5Pih2bS5oZWFwLCBhbGxvY2F0aW9u U2l6ZShzaXplKSk7CisgICAgICAgIENoZWNrZWQ8c2l6ZV90LCBSZWNvcmRPdmVyZmxvdz4gY2hl Y2tlZEFsbG9jYXRpb25TaXplID0gYWxsb2NhdGlvblNpemUoc2l6ZSk7CisgICAgICAgIGlmIChV TkxJS0VMWShjaGVja2VkQWxsb2NhdGlvblNpemUuaGFzT3ZlcmZsb3dlZCgpKSkKKyAgICAgICAg ICAgIHJldHVybiBudWxscHRyOworCisgICAgICAgIHZvaWQqIGJ1ZmZlciA9IHRyeUFsbG9jYXRl Q2VsbDxKU0ZpeGVkQXJyYXk+KHZtLmhlYXAsIGNoZWNrZWRBbGxvY2F0aW9uU2l6ZS51bnNhZmVH ZXQoKSk7CiAgICAgICAgIGlmIChVTkxJS0VMWSghYnVmZmVyKSkKICAgICAgICAgICAgIHJldHVy biBudWxscHRyOwogICAgICAgICBKU0ZpeGVkQXJyYXkqIHJlc3VsdCA9IG5ldyAoTm90TnVsbCwg YnVmZmVyKSBKU0ZpeGVkQXJyYXkodm0sIHN0cnVjdHVyZSwgc2l6ZSk7CkBAIC0xNDAsOSArMTQ0 LDkgQEAgcHJpdmF0ZToKICAgICB9CiAKIAotICAgIHN0YXRpYyBzaXplX3QgYWxsb2NhdGlvblNp emUoQ2hlY2tlZDxzaXplX3Q+IG51bUl0ZW1zKQorICAgIHN0YXRpYyBDaGVja2VkPHNpemVfdCwg UmVjb3JkT3ZlcmZsb3c+IGFsbG9jYXRpb25TaXplKENoZWNrZWQ8c2l6ZV90LCBSZWNvcmRPdmVy Zmxvdz4gbnVtSXRlbXMpCiAgICAgewotICAgICAgICByZXR1cm4gKG9mZnNldE9mRGF0YSgpICsg bnVtSXRlbXMgKiBzaXplb2YoV3JpdGVCYXJyaWVyPFVua25vd24+KSkudW5zYWZlR2V0KCk7Cisg ICAgICAgIHJldHVybiBvZmZzZXRPZkRhdGEoKSArIG51bUl0ZW1zICogc2l6ZW9mKFdyaXRlQmFy cmllcjxVbmtub3duPik7CiAgICAgfQogfTsKIAo=