191724 2018-11-15 16:21:45 -0800 ASSERTION FAILED: m_lastOpcodeID == op_end || (m_lastOpcodeID == m_lastInstruction->opcodeID() && m_writer.position() == m_lastInstruction.offset() + m_lastInstruction->size()) 2018-11-16 07:24:14 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 tzagallo tzagallo commit-queue ews-watchlist keith_miller mark.lam msaboff saam oldest_to_newest 1479167 0 tzagallo 2018-11-15 16:21:45 -0800 Since https://bugs.webkit.org/show_bug.cgi?id=187373, we were not restoring m_lastInstruction after patching the bytecode when finalizing StructureForInContexts, only m_lastOpcodeID, which led to the assertion failure. 1479168 1 tzagallo 2018-11-15 16:25:26 -0800 <rdar://problem/45724395> 1479169 2 354995 tzagallo 2018-11-15 16:26:18 -0800 Created attachment 354995 Patch 1479175 3 354995 saam 2018-11-15 16:41:57 -0800 Comment on attachment 354995 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354995&action=review > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:4866 > + if (generator.m_lastInstruction.offset() + generator.m_lastInstruction->size() != generator.m_writer.size()) { > generator.m_lastOpcodeID = lastOpcodeID; > + generator.m_lastInstruction = lastInstruction; > } Why isn't this unconditional? 1479176 4 354995 tzagallo 2018-11-15 16:46:56 -0800 Comment on attachment 354995 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354995&action=review >> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:4866 >> } > > Why isn't this unconditional? Because if we're writing at end of the stream the lastInstruction we saved might no longer be up-to-date. (i.e. it was op_get_direct_pname, but it was replaced by op_get_by_val + op_nop, so the current value, which should be op_nop, is correct.) 1479201 5 354995 saam 2018-11-15 17:45:27 -0800 Comment on attachment 354995 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=354995&action=review r=me >>> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:4866 >>> } >> >> Why isn't this unconditional? > > Because if we're writing at end of the stream the lastInstruction we saved might no longer be up-to-date. (i.e. it was op_get_direct_pname, but it was replaced by op_get_by_val + op_nop, so the current value, which should be op_nop, is correct.) makes sense 1479403 6 354995 commit-queue 2018-11-16 07:24:12 -0800 Comment on attachment 354995 Patch Clearing flags on attachment: 354995 Committed r238281: <https://trac.webkit.org/changeset/238281> 1479404 7 commit-queue 2018-11-16 07:24:14 -0800 All reviewed patches have been landed. Closing bug. 354995 2018-11-15 16:26:18 -0800 2018-11-16 07:24:12 -0800 Patch bug-191724-20181116012550.patch text/plain 3831 tzagallo U3VidmVyc2lvbiBSZXZpc2lvbjogMjM4MjM4CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCAw YjU4OGIwMDU2ODg2OTcwZDU5NDk2MTZiOWRiMTg2Nzk5NzgyMjY3Li5lNzFlNjEzMWZmMTliOWMy YmQ1YzlmZTZkMTBkYmRhZDFjM2Q5YTUwIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxOSBAQAorMjAxOC0xMS0xNSAgVGFkZXUgWmFnYWxsbyAgPHR6YWdhbGxvQGFwcGxlLmNv bT4KKworICAgICAgICBGaXggYXNzZXJ0aW9uIGZhaWx1cmUgb24gQnl0ZWNvZGVHZW5lcmF0b3I6 OnJlY29yZE9wY29kZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9MTkxNzI0CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS80NTcyNDM5NT4KKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBTaW5jZSBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTg3MzczLCB3ZSB3ZXJlIG5vdAorICAgICAg ICByZXN0b3JpbmcgbV9sYXN0SW5zdHJ1Y3Rpb24gYWZ0ZXIgcGF0Y2hpbmcgdGhlIGJ5dGVjb2Rl IHdoZW4KKyAgICAgICAgZmluYWxpemluZyBTdHJ1Y3R1cmVGb3JJbkNvbnRleHRzLCBvbmx5IG1f bGFzdE9wY29kZUlELCB3aGljaCBsZWQgdG8KKyAgICAgICAgdGhlIGFzc2VydGlvbiBmYWlsdXJl LgorCisgICAgICAgICogYnl0ZWNvbXBpbGVyL0J5dGVjb2RlR2VuZXJhdG9yLmNwcDoKKyAgICAg ICAgKEpTQzo6U3RydWN0dXJlRm9ySW5Db250ZXh0OjpmaW5hbGl6ZSk6CisKIDIwMTgtMTEtMTUg IEtlaXRoIFJvbGxpbiAgPGtyb2xsaW5AYXBwbGUuY29tPgogCiAgICAgICAgIERlbGV0ZSBvbGQg LnhjZmlsZWxpc3QgZmlsZXMKZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9ieXRl Y29tcGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuY3BwIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2J5 dGVjb21waWxlci9CeXRlY29kZUdlbmVyYXRvci5jcHAKaW5kZXggNGRiMmE1MDUxNGIxYTdhMGZm NGQyNWI5MjdiYTMwMDRhMmE1MmI0ZC4uOWIxN2Q4OWI4MDZmY2VlOTZkMmFmN2JkMWE3ODAwMWI5 ZjA1NmQxMiAxMDA2NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9C eXRlY29kZUdlbmVyYXRvci5jcHAKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21w aWxlci9CeXRlY29kZUdlbmVyYXRvci5jcHAKQEAgLTQ4MzMsNiArNDgzMyw4IEBAIHZvaWQgU3Ry dWN0dXJlRm9ySW5Db250ZXh0OjpmaW5hbGl6ZShCeXRlY29kZUdlbmVyYXRvciYgZ2VuZXJhdG9y LCBVbmxpbmtlZENvZGVCCiAgICAgaWYgKGlzVmFsaWQoKSkKICAgICAgICAgcmV0dXJuOwogCisg ICAgT3Bjb2RlSUQgbGFzdE9wY29kZUlEID0gZ2VuZXJhdG9yLm1fbGFzdE9wY29kZUlEOworICAg IEluc3RydWN0aW9uU3RyZWFtOjpNdXRhYmxlUmVmIGxhc3RJbnN0cnVjdGlvbiA9IGdlbmVyYXRv ci5tX2xhc3RJbnN0cnVjdGlvbjsKICAgICBmb3IgKGNvbnN0IGF1dG8mIGluc3RUdXBsZSA6IG1f Z2V0SW5zdHMpIHsKICAgICAgICAgdW5zaWduZWQgaW5zdEluZGV4ID0gc3RkOjpnZXQ8MD4oaW5z dFR1cGxlKTsKICAgICAgICAgaW50IHByb3BlcnR5UmVnSW5kZXggPSBzdGQ6OmdldDwxPihpbnN0 VHVwbGUpOwpAQCAtNDg0NSw3ICs0ODQ3LDYgQEAgdm9pZCBTdHJ1Y3R1cmVGb3JJbkNvbnRleHQ6 OmZpbmFsaXplKEJ5dGVjb2RlR2VuZXJhdG9yJiBnZW5lcmF0b3IsIFVubGlua2VkQ29kZUIKICAg ICAgICAgYXV0byBieXRlY29kZSA9IGluc3RydWN0aW9uLT5hczxPcEdldERpcmVjdFBuYW1lPigp OwogCiAgICAgICAgIC8vIGRpc2FibGUgcGVlcGhvbGUgb3B0aW1pemF0aW9ucwotICAgICAgICBP cGNvZGVJRCBsYXN0T3Bjb2RlSUQgPSBnZW5lcmF0b3IubV9sYXN0T3Bjb2RlSUQ7CiAgICAgICAg IGdlbmVyYXRvci5tX2xhc3RPcGNvZGVJRCA9IG9wX2VuZDsKIAogICAgICAgICAvLyBDaGFuZ2Ug dGhlIG9wY29kZSB0byBnZXRfYnlfdmFsLgpAQCAtNDg1Nyw4ICs0ODU4LDExIEBAIHZvaWQgU3Ry dWN0dXJlRm9ySW5Db250ZXh0OjpmaW5hbGl6ZShCeXRlY29kZUdlbmVyYXRvciYgZ2VuZXJhdG9y LCBVbmxpbmtlZENvZGVCCiAgICAgICAgIC8vIDQuIG5vcCBvdXQgdGhlIHJlbWFpbmluZyBieXRl cwogICAgICAgICB3aGlsZSAoZ2VuZXJhdG9yLm1fd3JpdGVyLnBvc2l0aW9uKCkgPCBlbmQpCiAg ICAgICAgICAgICBPcE5vcDo6ZW1pdDxPcGNvZGVTaXplOjpOYXJyb3c+KCZnZW5lcmF0b3IpOwot ICAgICAgICBnZW5lcmF0b3IubV93cml0ZXIuc2VlayhnZW5lcmF0b3IubV93cml0ZXIuc2l6ZSgp KTsKKyAgICB9CisgICAgZ2VuZXJhdG9yLm1fd3JpdGVyLnNlZWsoZ2VuZXJhdG9yLm1fd3JpdGVy LnNpemUoKSk7CisgICAgaWYgKGdlbmVyYXRvci5tX2xhc3RJbnN0cnVjdGlvbi5vZmZzZXQoKSAr IGdlbmVyYXRvci5tX2xhc3RJbnN0cnVjdGlvbi0+c2l6ZSgpICE9IGdlbmVyYXRvci5tX3dyaXRl ci5zaXplKCkpIHsKICAgICAgICAgZ2VuZXJhdG9yLm1fbGFzdE9wY29kZUlEID0gbGFzdE9wY29k ZUlEOworICAgICAgICBnZW5lcmF0b3IubV9sYXN0SW5zdHJ1Y3Rpb24gPSBsYXN0SW5zdHJ1Y3Rp b247CiAgICAgfQogfQogCmRpZmYgLS1naXQgYS9KU1Rlc3RzL0NoYW5nZUxvZyBiL0pTVGVzdHMv Q2hhbmdlTG9nCmluZGV4IDc2OGMxMDBjNDM0MDYwY2U5ZTFiNjk4ZGU2MzZmYTNmYTFlNGQxZTcu LjVkYzY4MzU4MDc2NDEyMDdlZTcyYjVlZmE3N2UwNDVmNmZjZWZlMGMgMTAwNjQ0Ci0tLSBhL0pT VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0pTVGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQgQEAK KzIwMTgtMTEtMTUgIFRhZGV1IFphZ2FsbG8gIDx0emFnYWxsb0BhcHBsZS5jb20+CisKKyAgICAg ICAgRml4IGFzc2VydGlvbiBmYWlsdXJlIG9uIEJ5dGVjb2RlR2VuZXJhdG9yOjpyZWNvcmRPcGNv ZGUKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5MTcy NAorICAgICAgICA8cmRhcjovL3Byb2JsZW0vNDU3MjQzOTU+CisKKyAgICAgICAgUmV2aWV3ZWQg YnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBzdHJlc3MvcmVncmVzcy0xODczNzMtMi5q czogQWRkZWQuCisgICAgICAgIChmb28pOgorCiAyMDE4LTExLTEzICBTYWFtIEJhcmF0aSAgPHNi YXJhdGlAYXBwbGUuY29tPgogCiAgICAgICAgIFR5cGVQcm9maWxlTG9nOjpwcm9jZXNzTG9nRW50 cmllcyBzaG91bGQgc3Rhc2ggYXdheSBhbnkgcGVuZGluZyBleGNlcHRpb25zIGFuZCByZS1hcHBs eSB0aGVtIHRvIHRoZSBWTQpkaWZmIC0tZ2l0IGEvSlNUZXN0cy9zdHJlc3MvcmVncmVzcy0xODcz NzMtMi5qcyBiL0pTVGVzdHMvc3RyZXNzL3JlZ3Jlc3MtMTg3MzczLTIuanMKbmV3IGZpbGUgbW9k ZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4u OTIyOWY2Zjg3ZDI2NjFhMDk5NDU1OWViNzExNzExMGVmMWU0M2Y0ZgotLS0gL2Rldi9udWxsCisr KyBiL0pTVGVzdHMvc3RyZXNzL3JlZ3Jlc3MtMTg3MzczLTIuanMKQEAgLTAsMCArMSw4IEBACisv L0AgcnVuRGVmYXVsdCgiLS11c2VDb250cm9sRmxvd1Byb2ZpbGVyPXRydWUiKQorCitmdW5jdGlv biBmb28oKSB7CisgICAgZm9yICh2YXIgeCBpbiBbXSkgeworICAgICAgICBvWysreF07CisgICAg fQorfQorZm9vKCkK