25680 2009-05-10 19:07:35 -0700 REGRESSION(r43432): Many JavaScriptCore tests crash in 64-bit 2009-05-11 00:21:34 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED InRadar P1 Normal --- 1 mrowe mjs mjs oldest_to_newest 120584 0 mrowe 2009-05-10 19:07:35 -0700 In r43431 there are no JavaScriptCore test failures in 64-bit. In r43432 there are 111 regressions, all of which appear to be crashes. Backtrace at point of crash looks a little bit like the following: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 0x0000000100091928 in WTF::RefPtr<JSC::UString::Rep>::get (this=0x0) at RefPtr.h:54 54 T* get() const { return m_ptr; } (gdb) bt #0 0x0000000100091928 in WTF::RefPtr<JSC::UString::Rep>::get (this=0x0) at RefPtr.h:54 #1 0x0000000100091a27 in WTF::operator==<JSC::UString::Rep, JSC::UString::BaseString> (a=@0x0, b=0x100a05120) at RefPtr.h:161 #2 0x0000000100091a57 in JSC::UString::isNull (this=0x0) at UString.h:292 #3 0x0000000100091a71 in JSC::Identifier::isNull (this=0x0) at Identifier.h:58 #4 0x00000001000b5a87 in JSC::Structure::get (this=0x10210f710, propertyName=@0x0) at Structure.h:179 #5 0x00000001000b5c6d in JSC::JSObject::getDirectLocation (this=0x1009f6680, propertyName=@0x0) at JSObject.h:140 #6 0x00000001000b5cc0 in JSC::JSObject::inlineGetOwnPropertySlot (this=0x1009f6680, exec=0x100b10048, propertyName=@0x0, slot=@0x5b084c87) at JSObject.h:297 #7 0x00000001000b5dc9 in JSC::JSObject::getOwnPropertySlot (this=0x1009f6680, exec=0x100b10048, propertyName=@0x0, slot=@0x5b084c87) at JSObject.h:343 #8 0x000000010009ebc6 in JSC::JSValue::toPrimitive (this=0x7fff5fbff150, exec=0x100b10048, preferredType=JSC::NoPreference) at JSCell.h:241 #9 0x00000001001224d5 in JSC::JITStubs::cti_op_to_primitive (args=0x7fff5fbff180) at JavaScriptCore/jit/JITStubs.cpp:2230 120585 1 mrowe 2009-05-10 19:09:05 -0700 <rdar://problem/6873682> 120603 2 30174 mjs 2009-05-10 23:04:46 -0700 Created attachment 30174 the fix 120604 3 30174 ggaren 2009-05-10 23:05:53 -0700 Comment on attachment 30174 the fix r=me 30174 2009-05-10 23:04:46 -0700 2009-05-10 23:05:53 -0700 the fix 64bit-fix.patch.txt text/plain 4394 mjs SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBDaGFuZ2VMb2cJKHJldmlzaW9uIDQzNDgw KQorKysgQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAKKzIwMDktMDUt MTAgIE1hY2llaiBTdGFjaG93aWFrICA8bWpzQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKyAgICAgICAgCisgICAgICAgIC0gZml4ZWQgUkVHUkVTU0lP TihyNDM0MzIpOiBNYW55IEphdmFTY3JpcHRDb3JlIHRlc3RzIGNyYXNoIGluIDY0LWJpdAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjU2ODAKKworICAg ICAgICBBY2NvdW5kIGZvciB0aGUgNjQtYml0IGluc3RydWN0aW9uIHByZWZpeCB3aGVuIHJld3Jp dGluZyBtb3YgdG8gbGVhIG9uIDY0LWJpdC4KKyAgICAgICAgCisgICAgICAgICogaml0L0pJVC5o OgorICAgICAgICAqIGppdC9KSVRQcm9wZXJ0eUFjY2Vzcy5jcHA6CisgICAgICAgIChKU0M6OkpJ VDo6cGF0Y2hHZXRCeUlkU2VsZik6CisgICAgICAgIChKU0M6OkpJVDo6cGF0Y2hQdXRCeUlkUmVw bGFjZSk6CisKIDIwMDktMDUtMTAgIERhcmluIEFkbGVyICA8ZGFyaW5AYXBwbGUuY29tPgogCiAg ICAgICAgIFJldmlld2VkIGJ5IENhbWVyb24gWndhcmljaC4KSW5kZXg6IGppdC9KSVQuaAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBqaXQvSklULmgJKHJldmlzaW9uIDQzNDc5KQorKysgaml0L0pJVC5oCSh3b3Jr aW5nIGNvcHkpCkBAIC0yMjgsMTIgKzIyOCwxNCBAQCBuYW1lc3BhY2UgSlNDIHsKICAgICAgICAg c3RhdGljIGNvbnN0IGludCBwYXRjaE9mZnNldFB1dEJ5SWRTdHJ1Y3R1cmUgPSAxMDsKICAgICAg ICAgc3RhdGljIGNvbnN0IGludCBwYXRjaE9mZnNldFB1dEJ5SWRFeHRlcm5hbExvYWQgPSAyMDsK ICAgICAgICAgc3RhdGljIGNvbnN0IGludCBwYXRjaExlbmd0aFB1dEJ5SWRFeHRlcm5hbExvYWQg PSA0OworICAgICAgICBzdGF0aWMgY29uc3QgaW50IHBhdGNoTGVuZ3RoUHV0QnlJZEV4dGVybmFs TG9hZFByZWZpeCA9IDE7CiAgICAgICAgIHN0YXRpYyBjb25zdCBpbnQgcGF0Y2hPZmZzZXRQdXRC eUlkUHJvcGVydHlNYXBPZmZzZXQgPSAzMTsKICAgICAgICAgLy8gVGhlc2UgYXJjaGl0ZWN0dXJl IHNwZWNpZmljIHZhbHVlIGFyZSB1c2VkIHRvIGVuYWJsZSBwYXRjaGluZyAtIHNlZSBjb21tZW50 IG9uIG9wX2dldF9ieV9pZC4KICAgICAgICAgc3RhdGljIGNvbnN0IGludCBwYXRjaE9mZnNldEdl dEJ5SWRTdHJ1Y3R1cmUgPSAxMDsKICAgICAgICAgc3RhdGljIGNvbnN0IGludCBwYXRjaE9mZnNl dEdldEJ5SWRCcmFuY2hUb1Nsb3dDYXNlID0gMjA7CiAgICAgICAgIHN0YXRpYyBjb25zdCBpbnQg cGF0Y2hPZmZzZXRHZXRCeUlkRXh0ZXJuYWxMb2FkID0gMjA7CiAgICAgICAgIHN0YXRpYyBjb25z dCBpbnQgcGF0Y2hMZW5ndGhHZXRCeUlkRXh0ZXJuYWxMb2FkID0gNDsKKyAgICAgICAgc3RhdGlj IGNvbnN0IGludCBwYXRjaExlbmd0aEdldEJ5SWRFeHRlcm5hbExvYWRQcmVmaXggPSAxOwogICAg ICAgICBzdGF0aWMgY29uc3QgaW50IHBhdGNoT2Zmc2V0R2V0QnlJZFByb3BlcnR5TWFwT2Zmc2V0 ID0gMzE7CiAgICAgICAgIHN0YXRpYyBjb25zdCBpbnQgcGF0Y2hPZmZzZXRHZXRCeUlkUHV0UmVz dWx0ID0gMzE7CiAjaWYgRU5BQkxFKE9QQ09ERV9TQU1QTElORykKQEAgLTI0NywxMiArMjQ5LDE0 IEBAIG5hbWVzcGFjZSBKU0MgewogICAgICAgICBzdGF0aWMgY29uc3QgaW50IHBhdGNoT2Zmc2V0 UHV0QnlJZFN0cnVjdHVyZSA9IDc7CiAgICAgICAgIHN0YXRpYyBjb25zdCBpbnQgcGF0Y2hPZmZz ZXRQdXRCeUlkRXh0ZXJuYWxMb2FkID0gMTM7CiAgICAgICAgIHN0YXRpYyBjb25zdCBpbnQgcGF0 Y2hMZW5ndGhQdXRCeUlkRXh0ZXJuYWxMb2FkID0gMzsKKyAgICAgICAgc3RhdGljIGNvbnN0IGlu dCBwYXRjaExlbmd0aFB1dEJ5SWRFeHRlcm5hbExvYWRQcmVmaXggPSAwOwogICAgICAgICBzdGF0 aWMgY29uc3QgaW50IHBhdGNoT2Zmc2V0UHV0QnlJZFByb3BlcnR5TWFwT2Zmc2V0ID0gMjI7CiAg ICAgICAgIC8vIFRoZXNlIGFyY2hpdGVjdHVyZSBzcGVjaWZpYyB2YWx1ZSBhcmUgdXNlZCB0byBl bmFibGUgcGF0Y2hpbmcgLSBzZWUgY29tbWVudCBvbiBvcF9nZXRfYnlfaWQuCiAgICAgICAgIHN0 YXRpYyBjb25zdCBpbnQgcGF0Y2hPZmZzZXRHZXRCeUlkU3RydWN0dXJlID0gNzsKICAgICAgICAg c3RhdGljIGNvbnN0IGludCBwYXRjaE9mZnNldEdldEJ5SWRCcmFuY2hUb1Nsb3dDYXNlID0gMTM7 CiAgICAgICAgIHN0YXRpYyBjb25zdCBpbnQgcGF0Y2hPZmZzZXRHZXRCeUlkRXh0ZXJuYWxMb2Fk ID0gMTM7CiAgICAgICAgIHN0YXRpYyBjb25zdCBpbnQgcGF0Y2hMZW5ndGhHZXRCeUlkRXh0ZXJu YWxMb2FkID0gMzsKKyAgICAgICAgc3RhdGljIGNvbnN0IGludCBwYXRjaExlbmd0aEdldEJ5SWRF eHRlcm5hbExvYWRQcmVmaXggPSAwOwogICAgICAgICBzdGF0aWMgY29uc3QgaW50IHBhdGNoT2Zm c2V0R2V0QnlJZFByb3BlcnR5TWFwT2Zmc2V0ID0gMjI7CiAgICAgICAgIHN0YXRpYyBjb25zdCBp bnQgcGF0Y2hPZmZzZXRHZXRCeUlkUHV0UmVzdWx0ID0gMjI7CiAjaWYgRU5BQkxFKE9QQ09ERV9T QU1QTElORykKSW5kZXg6IGppdC9KSVRQcm9wZXJ0eUFjY2Vzcy5jcHAKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g aml0L0pJVFByb3BlcnR5QWNjZXNzLmNwcAkocmV2aXNpb24gNDM0NzkpCisrKyBqaXQvSklUUHJv cGVydHlBY2Nlc3MuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0zMzAsNyArMzMwLDcgQEAgdm9pZCBK SVQ6OnBhdGNoR2V0QnlJZFNlbGYoU3RydWN0dXJlU3R1YgogICAgIC8vIElmIHdlJ3JlIHBhdGNo aW5nIHRvIHVzZSBpbmxpbmUgc3RvcmFnZSwgY29udmVydCB0aGUgaW5pdGlhbCBsb2FkIHRvIGEg bGVhOyB0aGlzIGF2b2lkcyB0aGUgZXh0cmEgbG9hZAogICAgIC8vIGFuZCBtYWtlcyB0aGUgc3Vi c2VxdWVudCBsb2FkJ3Mgb2Zmc2V0IGF1dG9tYXRpY2FsbHkgY29ycmVjdAogICAgIGlmIChzdHJ1 Y3R1cmUtPmlzVXNpbmdJbmxpbmVTdG9yYWdlKCkpCi0gICAgICAgIHN0dWJJbmZvLT5ob3RQYXRo QmVnaW4uaW5zdHJ1Y3Rpb25BdE9mZnNldChwYXRjaE9mZnNldEdldEJ5SWRFeHRlcm5hbExvYWQp LnBhdGNoTG9hZFRvTEVBKCk7CisgICAgICAgIHN0dWJJbmZvLT5ob3RQYXRoQmVnaW4uaW5zdHJ1 Y3Rpb25BdE9mZnNldChwYXRjaE9mZnNldEdldEJ5SWRFeHRlcm5hbExvYWQgKyBwYXRjaExlbmd0 aEdldEJ5SWRFeHRlcm5hbExvYWRQcmVmaXgpLnBhdGNoTG9hZFRvTEVBKCk7CiAKICAgICAvLyBQ YXRjaCB0aGUgb2Zmc2V0IGludG8gdGhlIHByb3BvZXJ0eSBtYXAgdG8gbG9hZCBmcm9tLCB0aGVu IHBhdGNoIHRoZSBTdHJ1Y3R1cmUgdG8gbG9vayBmb3IuCiAgICAgc3R1YkluZm8tPmhvdFBhdGhC ZWdpbi5kYXRhTGFiZWxQdHJBdE9mZnNldChwYXRjaE9mZnNldEdldEJ5SWRTdHJ1Y3R1cmUpLnJl cGF0Y2goc3RydWN0dXJlKTsKQEAgLTM0OCw3ICszNDgsNyBAQCB2b2lkIEpJVDo6cGF0Y2hQdXRC eUlkUmVwbGFjZShTdHJ1Y3R1cmVTCiAgICAgLy8gSWYgd2UncmUgcGF0Y2hpbmcgdG8gdXNlIGlu bGluZSBzdG9yYWdlLCBjb252ZXJ0IHRoZSBpbml0aWFsIGxvYWQgdG8gYSBsZWE7IHRoaXMgYXZv aWRzIHRoZSBleHRyYSBsb2FkCiAgICAgLy8gYW5kIG1ha2VzIHRoZSBzdWJzZXF1ZW50IGxvYWQn cyBvZmZzZXQgYXV0b21hdGljYWxseSBjb3JyZWN0CiAgICAgaWYgKHN0cnVjdHVyZS0+aXNVc2lu Z0lubGluZVN0b3JhZ2UoKSkKLSAgICAgICAgc3R1YkluZm8tPmhvdFBhdGhCZWdpbi5pbnN0cnVj dGlvbkF0T2Zmc2V0KHBhdGNoT2Zmc2V0R2V0QnlJZEV4dGVybmFsTG9hZCkucGF0Y2hMb2FkVG9M RUEoKTsKKyAgICAgICAgc3R1YkluZm8tPmhvdFBhdGhCZWdpbi5pbnN0cnVjdGlvbkF0T2Zmc2V0 KHBhdGNoT2Zmc2V0UHV0QnlJZEV4dGVybmFsTG9hZCArIHBhdGNoTGVuZ3RoUHV0QnlJZEV4dGVy bmFsTG9hZFByZWZpeCkucGF0Y2hMb2FkVG9MRUEoKTsKIAogICAgIC8vIFBhdGNoIHRoZSBvZmZz ZXQgaW50byB0aGUgcHJvcG9lcnR5IG1hcCB0byBsb2FkIGZyb20sIHRoZW4gcGF0Y2ggdGhlIFN0 cnVjdHVyZSB0byBsb29rIGZvci4KICAgICBzdHViSW5mby0+aG90UGF0aEJlZ2luLmRhdGFMYWJl bFB0ckF0T2Zmc2V0KHBhdGNoT2Zmc2V0UHV0QnlJZFN0cnVjdHVyZSkucmVwYXRjaChzdHJ1Y3R1 cmUpOwo=