209035 2020-03-12 19:51:13 -0700 DFG nodes that take a TypedArray's storage need to keepAlive the TypedArray 2020-03-12 21:17:17 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 keith_miller keith_miller commit-queue ews-watchlist mark.lam msaboff saam tzagallo webkit-bug-importer oldest_to_newest 1629460 0 keith_miller 2020-03-12 19:51:13 -0700 DFG nodes that take a TypedArray's storage need to keepalive the TypedArray 1629467 1 393446 keith_miller 2020-03-12 19:57:19 -0700 Created attachment 393446 Patch 1629468 2 393446 saam 2020-03-12 19:59:51 -0700 Comment on attachment 393446 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393446&action=review r=me > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:3843 > + keepAlive(lowJSValue(baseEdge)); seems like this would crash in validation failure if we're speculating on base edge? Maybe pass ManualOperandSpeculation? (I don't remember if we actually speculate on base, but I presume we do) 1629474 3 393446 keith_miller 2020-03-12 20:27:12 -0700 Comment on attachment 393446 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393446&action=review >> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:3843 >> + keepAlive(lowJSValue(baseEdge)); > > seems like this would crash in validation failure if we're speculating on base edge? Maybe pass ManualOperandSpeculation? (I don't remember if we actually speculate on base, but I presume we do) Yeah, I think you're right. I copied this from the !storageEdge case above but we fix the edge in this case in fixup... 1629475 4 393447 keith_miller 2020-03-12 20:28:22 -0700 Created attachment 393447 Patch for landing 1629483 5 393447 commit-queue 2020-03-12 21:16:41 -0700 Comment on attachment 393447 Patch for landing Clearing flags on attachment: 393447 Committed r258381: <https://trac.webkit.org/changeset/258381> 1629484 6 commit-queue 2020-03-12 21:16:43 -0700 All reviewed patches have been landed. Closing bug. 1629485 7 webkit-bug-importer 2020-03-12 21:17:17 -0700 <rdar://problem/60402343> 393446 2020-03-12 19:57:19 -0700 2020-03-12 20:28:18 -0700 Patch bug-209035-20200312195719.patch text/plain 2889 keith_miller U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4MzUwCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCBj NTIzODNlMjliYTRmM2IyMDI5MzQ5NGFlZWE4NmM3ZjRhMDk0ZjUzLi42MzFhNjY2OWZmZTQwYTgz OTAyYmEwZTg0OTZjZmQwOGM2Y2RmYTYwIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwyMCBAQAorMjAyMC0wMy0xMiAgS2VpdGggTWlsbGVyICA8a2VpdGhfbWlsbGVyQGFwcGxl LmNvbT4KKworICAgICAgICBERkcgbm9kZXMgdGhhdCB0YWtlIGEgVHlwZWRBcnJheSdzIHN0b3Jh Z2UgbmVlZCB0byBrZWVwQWxpdmUgdGhlIFR5cGVkQXJyYXkKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwOTAzNQorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEl0IG1pZ2h0IGJlIHBvc3NpYmxlIHRvIHByb2R1 Y2UgYSBncmFwaCB3aGVyZSB0aGUgbGFzdCByZWZlcmVuY2UgdG8gYSBUeXBlZEFycmF5CisgICAg ICAgIGlzIHZpYSBhIEdldEJ5VmFsIG9yIFB1dEJ5VmFsLiBTaW5jZSB0aG9zZSBub2RlcyBkb24n dCBjcmVhdGUgYW55IHJlZmVyZW5jZSB0byB0aGUKKyAgICAgICAgVHlwZWRBcnJheSBpbiBCMyB3 ZSBtYXkgZW5kIHVwIG5vdCBrZWVwaW5nIHRoZSBUeXBlZEFycmF5IGFsaXZlIHVudGlsIGFmdGVy IHRoZQorICAgICAgICBzdG9yYWdlIGFjY2Vzcy4KKworICAgICAgICAqIGZ0bC9GVExMb3dlckRG R1RvQjMuY3BwOgorICAgICAgICAoSlNDOjpGVEw6OkRGRzo6TG93ZXJERkdUb0IzOjpjb21waWxl QXRvbWljc1JlYWRNb2RpZnlXcml0ZSk6CisgICAgICAgIChKU0M6OkZUTDo6REZHOjpMb3dlckRG R1RvQjM6OmNvbXBpbGVHZXRCeVZhbCk6CisgICAgICAgIChKU0M6OkZUTDo6REZHOjpMb3dlckRG R1RvQjM6OmNvbXBpbGVQdXRCeVZhbCk6CisKIDIwMjAtMDMtMTIgIFl1c3VrZSBTdXp1a2kgIDx5 c3V6dWtpQGFwcGxlLmNvbT4KIAogICAgICAgICBbSlNDXSBVc2UgQ2FjaGVhYmxlSWRlbnRpZmll ciBpbiBCeVZhbEluZm8KZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRM TG93ZXJERkdUb0IzLmNwcCBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMTG93ZXJERkdU b0IzLmNwcAppbmRleCA2NjllNTAxNTZiN2NlMTZkN2U2MWRjZWU5MDkyNmEwYjUxNGI5OWU0Li42 MGFkYzc5NjAxMGM0NDEyMzQwZThlYWNlNzhlYzg4NDUxZGEzMDJhIDEwMDY0NAotLS0gYS9Tb3Vy Y2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZUTExvd2VyREZHVG9CMy5jcHAKKysrIGIvU291cmNlL0ph dmFTY3JpcHRDb3JlL2Z0bC9GVExMb3dlckRGR1RvQjMuY3BwCkBAIC0zODM4LDcgKzM4MzgsOSBA QCBwcml2YXRlOgogICAgICAgICAvLyB0aGUgdHlwZWQgYXJyYXkgc3RvcmFnZSwgc2luY2UgdGhh dCdzIGFzIHByZWNpc2Ugb2YgYW4gYWJzdHJhY3Rpb24gYXMgd2UgY2FuIGhhdmUgb2Ygc2hhcmVk CiAgICAgICAgIC8vIGFycmF5IGJ1ZmZlciBzdG9yYWdlLgogICAgICAgICBtX2hlYXBzLmRlY29y YXRlRmVuY2VkQWNjZXNzKCZtX2hlYXBzLnR5cGVkQXJyYXlQcm9wZXJ0aWVzLCBhdG9taWNWYWx1 ZSk7Ci0gICAgICAgIAorCisgICAgICAgIC8vIFdlIGhhdmUgdG8ga2VlcCBiYXNlIGFsaXZlIHNp bmNlIHRoYXQga2VlcHMgc3RvcmFnZSBhbGl2ZS4KKyAgICAgICAga2VlcEFsaXZlKGxvd0pTVmFs dWUoYmFzZUVkZ2UpKTsKICAgICAgICAgc2V0SW50VHlwZWRBcnJheUxvYWRSZXN1bHQocmVzdWx0 LCB0eXBlKTsKICAgICB9CiAgICAgCkBAIC00NjkzLDYgKzQ2OTUsNyBAQCBwcml2YXRlOgogICAg ICAgICBjYXNlIEFycmF5OjpVaW50MzJBcnJheToKICAgICAgICAgY2FzZSBBcnJheTo6RmxvYXQz MkFycmF5OgogICAgICAgICBjYXNlIEFycmF5OjpGbG9hdDY0QXJyYXk6IHsKKyAgICAgICAgICAg IExWYWx1ZSBiYXNlID0gbG93Q2VsbChtX2dyYXBoLnZhckFyZ0NoaWxkKG1fbm9kZSwgMCkpOwog ICAgICAgICAgICAgTFZhbHVlIGluZGV4ID0gbG93SW50MzIobV9ncmFwaC52YXJBcmdDaGlsZCht X25vZGUsIDEpKTsKICAgICAgICAgICAgIExWYWx1ZSBzdG9yYWdlID0gbG93U3RvcmFnZShtX2dy YXBoLnZhckFyZ0NoaWxkKG1fbm9kZSwgMikpOwogICAgICAgICAgICAgCkBAIC00NzIyLDYgKzQ3 MjUsOCBAQCBwcml2YXRlOgogICAgICAgICAgICAgICAgICAgICBERkdfQ1JBU0gobV9ncmFwaCwg bV9ub2RlLCAiQmFkIHR5cGVkIGFycmF5IHR5cGUiKTsKICAgICAgICAgICAgICAgICB9CiAgICAg ICAgICAgICAgICAgCisgICAgICAgICAgICAgICAgLy8gV2UgaGF2ZSB0byBrZWVwIGJhc2UgYWxp dmUgc2luY2UgdGhhdCBrZWVwcyBzdG9yYWdlIGFsaXZlLgorICAgICAgICAgICAgICAgIGtlZXBB bGl2ZShiYXNlKTsKICAgICAgICAgICAgICAgICBzZXREb3VibGUocmVzdWx0KTsKICAgICAgICAg ICAgICAgICByZXR1cm47CiAgICAgICAgICAgICB9CkBAIC01MDg4LDYgKzUwOTMsOCBAQCBwcml2 YXRlOgogICAgICAgICAgICAgICAgICAgICBtX291dC5hcHBlbmRUbyhjb250aW51YXRpb24sIGxh c3ROZXh0KTsKICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgCisgICAgICAgICAg ICAgICAgLy8gV2UgaGF2ZSB0byBrZWVwIGJhc2UgYWxpdmUgc2luY2UgdGhhdCBrZWVwcyBzdG9y YWdlIGFsaXZlLgorICAgICAgICAgICAgICAgIGtlZXBBbGl2ZShiYXNlKTsKICAgICAgICAgICAg ICAgICByZXR1cm47CiAgICAgICAgICAgICB9CiAgICAgICAgIH0K 393447 2020-03-12 20:28:22 -0700 2020-03-12 21:16:41 -0700 Patch for landing bug-209035-20200312202819.patch text/plain 2883 keith_miller U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4Mzc5CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCBj NTIzODNlMjliYTRmM2IyMDI5MzQ5NGFlZWE4NmM3ZjRhMDk0ZjUzLi5kZDk1MmMyZDIwZjM1OWFl ZDU5NjU0ODYyNTQ5N2JhOGU1MDk2OGQyIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwyMCBAQAorMjAyMC0wMy0xMiAgS2VpdGggTWlsbGVyICA8a2VpdGhfbWlsbGVyQGFwcGxl LmNvbT4KKworICAgICAgICBERkcgbm9kZXMgdGhhdCB0YWtlIGEgVHlwZWRBcnJheSdzIHN0b3Jh Z2UgbmVlZCB0byBrZWVwQWxpdmUgdGhlIFR5cGVkQXJyYXkKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwOTAzNQorCisgICAgICAgIFJldmlld2VkIGJ5 IFNhYW0gQmFyYXRpLgorCisgICAgICAgIEl0IG1pZ2h0IGJlIHBvc3NpYmxlIHRvIHByb2R1Y2Ug YSBncmFwaCB3aGVyZSB0aGUgbGFzdCByZWZlcmVuY2UgdG8gYSBUeXBlZEFycmF5CisgICAgICAg IGlzIHZpYSBhIEdldEJ5VmFsIG9yIFB1dEJ5VmFsLiBTaW5jZSB0aG9zZSBub2RlcyBkb24ndCBj cmVhdGUgYW55IHJlZmVyZW5jZSB0byB0aGUKKyAgICAgICAgVHlwZWRBcnJheSBpbiBCMyB3ZSBt YXkgZW5kIHVwIG5vdCBrZWVwaW5nIHRoZSBUeXBlZEFycmF5IGFsaXZlIHVudGlsIGFmdGVyIHRo ZQorICAgICAgICBzdG9yYWdlIGFjY2Vzcy4KKworICAgICAgICAqIGZ0bC9GVExMb3dlckRGR1Rv QjMuY3BwOgorICAgICAgICAoSlNDOjpGVEw6OkRGRzo6TG93ZXJERkdUb0IzOjpjb21waWxlQXRv bWljc1JlYWRNb2RpZnlXcml0ZSk6CisgICAgICAgIChKU0M6OkZUTDo6REZHOjpMb3dlckRGR1Rv QjM6OmNvbXBpbGVHZXRCeVZhbCk6CisgICAgICAgIChKU0M6OkZUTDo6REZHOjpMb3dlckRGR1Rv QjM6OmNvbXBpbGVQdXRCeVZhbCk6CisKIDIwMjAtMDMtMTIgIFl1c3VrZSBTdXp1a2kgIDx5c3V6 dWtpQGFwcGxlLmNvbT4KIAogICAgICAgICBbSlNDXSBVc2UgQ2FjaGVhYmxlSWRlbnRpZmllciBp biBCeVZhbEluZm8KZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMTG93 ZXJERkdUb0IzLmNwcCBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMTG93ZXJERkdUb0Iz LmNwcAppbmRleCA2NjllNTAxNTZiN2NlMTZkN2U2MWRjZWU5MDkyNmEwYjUxNGI5OWU0Li5mYjFk MDI1NTY1N2Q4OGEzNTExYTI1YzViNDQ5YTQxNmRkYmMzZDA3IDEwMDY0NAotLS0gYS9Tb3VyY2Uv SmF2YVNjcmlwdENvcmUvZnRsL0ZUTExvd2VyREZHVG9CMy5jcHAKKysrIGIvU291cmNlL0phdmFT Y3JpcHRDb3JlL2Z0bC9GVExMb3dlckRGR1RvQjMuY3BwCkBAIC0zODM4LDcgKzM4MzgsOSBAQCBw cml2YXRlOgogICAgICAgICAvLyB0aGUgdHlwZWQgYXJyYXkgc3RvcmFnZSwgc2luY2UgdGhhdCdz IGFzIHByZWNpc2Ugb2YgYW4gYWJzdHJhY3Rpb24gYXMgd2UgY2FuIGhhdmUgb2Ygc2hhcmVkCiAg ICAgICAgIC8vIGFycmF5IGJ1ZmZlciBzdG9yYWdlLgogICAgICAgICBtX2hlYXBzLmRlY29yYXRl RmVuY2VkQWNjZXNzKCZtX2hlYXBzLnR5cGVkQXJyYXlQcm9wZXJ0aWVzLCBhdG9taWNWYWx1ZSk7 Ci0gICAgICAgIAorCisgICAgICAgIC8vIFdlIGhhdmUgdG8ga2VlcCBiYXNlIGFsaXZlIHNpbmNl IHRoYXQga2VlcHMgc3RvcmFnZSBhbGl2ZS4KKyAgICAgICAga2VlcEFsaXZlKGxvd0NlbGwoYmFz ZUVkZ2UpKTsKICAgICAgICAgc2V0SW50VHlwZWRBcnJheUxvYWRSZXN1bHQocmVzdWx0LCB0eXBl KTsKICAgICB9CiAgICAgCkBAIC00NjkzLDYgKzQ2OTUsNyBAQCBwcml2YXRlOgogICAgICAgICBj YXNlIEFycmF5OjpVaW50MzJBcnJheToKICAgICAgICAgY2FzZSBBcnJheTo6RmxvYXQzMkFycmF5 OgogICAgICAgICBjYXNlIEFycmF5OjpGbG9hdDY0QXJyYXk6IHsKKyAgICAgICAgICAgIExWYWx1 ZSBiYXNlID0gbG93Q2VsbChtX2dyYXBoLnZhckFyZ0NoaWxkKG1fbm9kZSwgMCkpOwogICAgICAg ICAgICAgTFZhbHVlIGluZGV4ID0gbG93SW50MzIobV9ncmFwaC52YXJBcmdDaGlsZChtX25vZGUs IDEpKTsKICAgICAgICAgICAgIExWYWx1ZSBzdG9yYWdlID0gbG93U3RvcmFnZShtX2dyYXBoLnZh ckFyZ0NoaWxkKG1fbm9kZSwgMikpOwogICAgICAgICAgICAgCkBAIC00NzIyLDYgKzQ3MjUsOCBA QCBwcml2YXRlOgogICAgICAgICAgICAgICAgICAgICBERkdfQ1JBU0gobV9ncmFwaCwgbV9ub2Rl LCAiQmFkIHR5cGVkIGFycmF5IHR5cGUiKTsKICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAg ICAgICAgCisgICAgICAgICAgICAgICAgLy8gV2UgaGF2ZSB0byBrZWVwIGJhc2UgYWxpdmUgc2lu Y2UgdGhhdCBrZWVwcyBzdG9yYWdlIGFsaXZlLgorICAgICAgICAgICAgICAgIGtlZXBBbGl2ZShi YXNlKTsKICAgICAgICAgICAgICAgICBzZXREb3VibGUocmVzdWx0KTsKICAgICAgICAgICAgICAg ICByZXR1cm47CiAgICAgICAgICAgICB9CkBAIC01MDg4LDYgKzUwOTMsOCBAQCBwcml2YXRlOgog ICAgICAgICAgICAgICAgICAgICBtX291dC5hcHBlbmRUbyhjb250aW51YXRpb24sIGxhc3ROZXh0 KTsKICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgCisgICAgICAgICAgICAgICAg Ly8gV2UgaGF2ZSB0byBrZWVwIGJhc2UgYWxpdmUgc2luY2UgdGhhdCBrZWVwcyBzdG9yYWdlIGFs aXZlLgorICAgICAgICAgICAgICAgIGtlZXBBbGl2ZShiYXNlKTsKICAgICAgICAgICAgICAgICBy ZXR1cm47CiAgICAgICAgICAgICB9CiAgICAgICAgIH0K