180375 2017-12-04 13:22:24 -0800 Proxy all functions, except the $ objects 2017-12-04 15:16:43 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 180306 1 jfbastien jfbastien commit-queue fpizlo jfbastien keith_miller mark.lam mcatanzaro msaboff rmorisset saam webkit-bug-importer ysuzuki oldest_to_newest 1377856 0 jfbastien 2017-12-04 13:22:24 -0800 It looks like https://bugs.webkit.org/show_bug.cgi?id=180306 may have broken some executions because (I'm guessing here) I call some internal objects. Explicitly ignore objects whose name starts with "$" because it's a bad idea anyways. 1377860 1 mcatanzaro 2017-12-04 13:23:46 -0800 OK, I can reproduce the crashes locally: #0 0x000000000067c7b6 in JSC::CodeBlock::unlinkIncomingCalls() () #1 0x0000000000ce044d in JSC::ScriptExecutable::installCode(JSC::VM&, JSC::CodeBlock*, JSC::CodeType, JSC::CodeSpecializationKind) () #2 0x0000000000a1d4cc in JSC::JITWorklist::Plan::compileNow(JSC::CodeBlock*, unsigned int) () #3 0x0000000000a1a66a in JSC::JITWorklist::compileLater(JSC::CodeBlock*, unsigned int) () #4 0x0000000000a45923 in JSC::LLInt::jitCompileAndSetHeuristics(JSC::CodeBlock*, JSC::ExecState*, unsigned int) () #5 0x0000000000a44073 in llint_loop_osr () #6 0x0000000000a32964 in llint_entry () #7 0x0000000000a32c90 in llint_entry () #8 0x0000000000a2bb08 in vmEntryToJavaScript () #9 0x00000000009d4952 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () #10 0x00000000009ae252 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) () #11 0x0000000000b5b94d in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () #12 0x0000000000666419 in jscmain(int, char**) () #13 0x000000000065c1ea in main () #0 0x000000000067c7b6 in JSC::CodeBlock::unlinkIncomingCalls() () #1 0x0000000000ce044d in JSC::ScriptExecutable::installCode(JSC::VM&, JSC::CodeBlock*, JSC::CodeType, JSC::CodeSpecializationKind) () #2 0x0000000000a1d4cc in JSC::JITWorklist::Plan::compileNow(JSC::CodeBlock*, unsigned int) () #3 0x0000000000a1a66a in JSC::JITWorklist::compileLater(JSC::CodeBlock*, unsigned int) () #4 0x0000000000a45923 in JSC::LLInt::jitCompileAndSetHeuristics(JSC::CodeBlock*, JSC::ExecState*, unsigned int) () #5 0x0000000000a44073 in llint_loop_osr () #6 0x0000000000a32964 in llint_entry () #7 0x0000000000a32c90 in llint_entry () #8 0x0000000000a2bb08 in vmEntryToJavaScript () #9 0x00000000009d4952 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () #10 0x00000000009ae252 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) () #11 0x0000000000b5b94d in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () #12 0x0000000000666419 in jscmain(int, char**) () #13 0x000000000065c1ea in main () No data members because I was silly and did a release build specifically for this, thinking to avoid all the extra failures from asserts that are occurring in debug builds (we need to get a handle on those). I can redo it with a debug build if filtering out the $ objects doesn't work and you need a better backtrace. 1377861 2 328381 jfbastien 2017-12-04 13:24:43 -0800 Created attachment 328381 patch 1377863 3 jfbastien 2017-12-04 13:26:29 -0800 (In reply to Michael Catanzaro from comment #1) > OK, I can reproduce the crashes locally: Does it still repo with my change? 1377899 4 328381 commit-queue 2017-12-04 14:06:54 -0800 Comment on attachment 328381 patch Clearing flags on attachment: 328381 Committed r225493: <https://trac.webkit.org/changeset/225493> 1377900 5 commit-queue 2017-12-04 14:06:55 -0800 All reviewed patches have been landed. Closing bug. 1377902 6 webkit-bug-importer 2017-12-04 14:07:17 -0800 <rdar://problem/35838830> 1377948 7 mcatanzaro 2017-12-04 15:16:43 -0800 (In reply to JF Bastien from comment #3) > (In reply to Michael Catanzaro from comment #1) > > OK, I can reproduce the crashes locally: > > Does it still repo with my change? No, the bots are happy again. Thanks! 328381 2017-12-04 13:24:43 -0800 2017-12-04 14:06:54 -0800 patch 0001-Proxy-all-functions-except-the-objects.patch text/plain 2361 jfbastien RnJvbSBkODU1OTJjNTdmOGZhNmRlNTUyZDU3NjM3YmEzMWUxZDkwMjg5YzM3IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKRiBCYXN0aWVuIDxqZmJhc3RpZW5AYXBwbGUuY29tPgpEYXRl OiBNb24sIDQgRGVjIDIwMTcgMTM6MjQ6MjIgLTA4MDAKU3ViamVjdDogW1BBVENIXSBQcm94eSBh bGwgZnVuY3Rpb25zLCBleGNlcHQgdGhlICQgb2JqZWN0cwoKLS0tCiBKU1Rlc3RzL0NoYW5nZUxv ZyAgICAgICAgICAgICAgICAgICAgICAgICAgfCAxNSArKysrKysrKysrKysrKysKIEpTVGVzdHMv c3RyZXNzL3Byb3h5LWFsbC10aGUtcGFyYW1ldGVycy5qcyB8ICA2ICsrLS0tLQogMiBmaWxlcyBj aGFuZ2VkLCAxNyBpbnNlcnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL0pT VGVzdHMvQ2hhbmdlTG9nIGIvSlNUZXN0cy9DaGFuZ2VMb2cKaW5kZXggOTQ0NzdhNS4uNDZlMWQ1 ZCAxMDA2NDQKLS0tIGEvSlNUZXN0cy9DaGFuZ2VMb2cKKysrIGIvSlNUZXN0cy9DaGFuZ2VMb2cK QEAgLTEsMyArMSwxOCBAQAorMjAxNy0xMi0wNCAgSkYgQmFzdGllbiAgPGpmYmFzdGllbkBhcHBs ZS5jb20+CisKKyAgICAgICAgUHJveHkgYWxsIGZ1bmN0aW9ucywgZXhjZXB0IHRoZSAkIG9iamVj dHMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE4MDM3 NQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEl0IGxv b2tzIGxpa2UgdGhpcyB0ZXN0IG1heSBoYXZlIGJyb2tlbiBzb21lIGV4ZWN1dGlvbnMgYmVjYXVz ZSBJCisgICAgICAgIGNhbGwgc29tZSBpbnRlcm5hbCBvYmplY3RzLiBFeHBsaWNpdGx5IGlnbm9y ZSBvYmplY3RzIHdob3NlIG5hbWUKKyAgICAgICAgc3RhcnRzIHdpdGggIiQiIGJlY2F1c2UgaXQn cyBhIGJhZCBpZGVhIGFueXdheXMuCisKKyAgICAgICAgKiBzdHJlc3MvcHJveHktYWxsLXRoZS1w YXJhbWV0ZXJzLmpzOgorICAgICAgICAoZ2VuZXJhdGVPYmplY3RzKToKKyAgICAgICAgKGdldCB0 aHJvdyk6CisKIDIwMTctMTItMDEgIEpGIEJhc3RpZW4gIDxqZmJhc3RpZW5AYXBwbGUuY29tPgog CiAgICAgICAgIFRyeSBwcm94eWluZyBhbGwgZnVuY3Rpb24gYXJndW1lbnRzCmRpZmYgLS1naXQg YS9KU1Rlc3RzL3N0cmVzcy9wcm94eS1hbGwtdGhlLXBhcmFtZXRlcnMuanMgYi9KU1Rlc3RzL3N0 cmVzcy9wcm94eS1hbGwtdGhlLXBhcmFtZXRlcnMuanMKaW5kZXggYmExYTRjZS4uNGRlNmNjYyAx MDA2NDQKLS0tIGEvSlNUZXN0cy9zdHJlc3MvcHJveHktYWxsLXRoZS1wYXJhbWV0ZXJzLmpzCisr KyBiL0pTVGVzdHMvc3RyZXNzL3Byb3h5LWFsbC10aGUtcGFyYW1ldGVycy5qcwpAQCAtMSw3ICsx LDUgQEAKIGNvbnN0IHZlcmJvc2UgPSBmYWxzZTsKIAotY29uc3QgaWdub3JlID0gWydxdWl0Jywg J3JlYWRsaW5lJywgJ3dhaXRGb3JSZXBvcnQnLCAnZmxhc2hIZWFwQWNjZXNzJywgJ2xlYXZpbmcn LCAnZ2V0UmVwb3J0J107Ci0KIGZ1bmN0aW9uIGlzUHJvcGVydHlPZlR5cGUob2JqLCBuYW1lLCB0 eXBlKSB7CiAgICAgbGV0IGRlc2M7CiAgICAgZGVzYyA9IE9iamVjdC5nZXRPd25Qcm9wZXJ0eURl c2NyaXB0b3Iob2JqLCBuYW1lKQpAQCAtMjIsNiArMjAsOCBAQCBmdW5jdGlvbiogZ2VuZXJhdGVP YmplY3RzKHJvb3QgPSB0aGlzLCBsZXZlbCA9IDApIHsKICAgICAgICAgcmV0dXJuOwogICAgIGxl dCBvYmpfbmFtZXMgPSBnZXRQcm9wZXJ0aWVzKHJvb3QsICdvYmplY3QnKTsKICAgICBmb3IgKGxl dCBvYmpfbmFtZSBvZiBvYmpfbmFtZXMpIHsKKyAgICAgICAgaWYgKG9ial9uYW1lLnN0YXJ0c1dp dGgoJyQnKSkKKyAgICAgICAgICAgIGNvbnRpbnVlOyAvLyBJZ25vcmUgaW50ZXJuYWwgb2JqZWN0 cy4KICAgICAgICAgbGV0IG9iaiA9IHJvb3Rbb2JqX25hbWVdOwogICAgICAgICB5aWVsZCBvYmo7 CiAgICAgICAgIHlpZWxkKiBnZW5lcmF0ZU9iamVjdHMob2JqLCBsZXZlbCArIDEpOwpAQCAtNDQs OCArNDQsNiBAQCBjb25zdCB0aHJvd2VyID0gbmV3IFByb3h5KHt9LCB7IGdldCgpIHsgdGhyb3cg MHhjMGRlZmVmZTsgfSB9KTsKIAogZm9yIChsZXQgbyBvZiBnZXRPYmplY3RzKCkpIHsKICAgICBm b3IgKGxldCBmIG9mIGdldEZ1bmN0aW9ucyhvKSkgewotICAgICAgICBpZiAoaWdub3JlLmluY2x1 ZGVzKGYpKQotICAgICAgICAgICAgY29udGludWU7CiAgICAgICAgIGNvbnN0IGFyaXR5UGx1c09u ZSA9IG9bZl0ubGVuZ3RoICsgMTsKICAgICAgICAgaWYgKHZlcmJvc2UpCiAgICAgICAgICAgICBw cmludChgQ2FsbGluZyAke299Wycke2Z9J10oJHtBcnJheShhcml0eVBsdXNPbmUpLmZpbGwoInRo cm93ZXIiKX0pYCk7Ci0tIAoyLjkuMwoK