69897 2011-10-11 21:51:48 -0700 Layout tests crashing in DFG JIT code 2011-10-12 01:00:24 -0700 1 1 1 Unclassified WebKit Tools / Tests 528+ (Nightly build) Mac OS X 10.6 RESOLVED FIXED http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r97218%20(19479)/results.html LayoutTestFailure, MakingBotsRed, Regression P2 Normal --- 1 simon.fraser webkit-unassigned barraclough fpizlo ggaren oliver simon.fraser webkit.review.bot oldest_to_newest 482201 0 simon.fraser 2011-10-11 21:51:48 -0700 The following tests are crashing in com.apple.JavaScriptCore: JSC::DFG::JITCodeGenerator on the SnowLeopard leaks bot: fast/canvas/webgl/tex-image-with-format-and-type.html: crash log (com.apple.JavaScriptCore: JSC::DFG::JITCodeGenerator::silentFillGPR(JSC::DFG::VirtualRegister, JSC::X86Registers::RegisterID, JSC::X86Registers::RegisterID) + 871) fast/dom/prototype-inheritance-2.html: crash log (com.apple.JavaScriptCore: JSC::DFG::AbstractValue::clobberStructures() + 100) fast/harness/results.html: crash log (com.apple.JavaScriptCore: JSC::DFG::JITCodeGenerator::silentFillGPR(JSC::DFG::VirtualRegister, JSC::X86Registers::RegisterID, JSC::X86Registers::RegisterID) + 871) inspector/debugger/linkifier.html: crash log (com.apple.JavaScriptCore: JSC::DFG::JITCodeGenerator::silentFillGPR(JSC::DFG::VirtualRegister, JSC::X86Registers::RegisterID, JSC::X86Registers::RegisterID) + 871) inspector/debugger/script-formatter.html: crash log (com.apple.JavaScriptCore: JSC::DFG::JITCodeGenerator::silentFillGPR(JSC::DFG::VirtualRegister, JSC::X86Registers::RegisterID, JSC::X86Registers::RegisterID) + 482204 1 simon.fraser 2011-10-11 21:53:43 -0700 Most are an assertion in JITCodeGenerator::silentFillGPR: http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r97218%20(19479)/fast/canvas/webgl/tex-image-with-format-and-type-crash-log.txt 482215 2 simon.fraser 2011-10-11 22:17:00 -0700 Also on http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r97221%20(1193)/results.html fast/dom/prototype-inheritance-2.html is asserting in JavaScriptCore: JSC::DFG::AbstractValue::clobberStructures() + 125) 482221 3 barraclough 2011-10-11 22:30:07 -0700 The silentFillGPR regressions are likely my bad; clobberStructures is likely due to Filip's last change. I'll revert my last patch to get the tree green & investigate in the morning, Filip, I'll leave it up to you to choose whether you want to revert or to just land a fix. 482223 4 fpizlo 2011-10-11 22:32:00 -0700 (In reply to comment #3) > The silentFillGPR regressions are likely my bad; clobberStructures is likely due to Filip's last change. > > I'll revert my last patch to get the tree green & investigate in the morning, Filip, I'll leave it up to you to choose whether you want to revert or to just land a fix. I'm trying to figure this out right now... 482241 5 barraclough 2011-10-11 23:09:16 -0700 The silentFillGPR change is reverted in 97235. 482251 6 110643 fpizlo 2011-10-11 23:21:49 -0700 Created attachment 110643 the patch for fast/dom/prototype-inheritance-2 482282 7 110643 webkit.review.bot 2011-10-12 01:00:20 -0700 Comment on attachment 110643 the patch for fast/dom/prototype-inheritance-2 Clearing flags on attachment: 110643 Committed r97240: <http://trac.webkit.org/changeset/97240> 482283 8 webkit.review.bot 2011-10-12 01:00:24 -0700 All reviewed patches have been landed. Closing bug. 110643 2011-10-11 23:21:49 -0700 2011-10-12 01:00:19 -0700 the patch for fast/dom/prototype-inheritance-2 fixabsval_patch_1.diff text/plain 2087 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTcyMzYpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjIgQEAK KzIwMTEtMTAtMTEgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworICAgICAgICBM YXlvdXQgdGVzdHMgY3Jhc2hpbmcgaW4gREZHIEpJVCBjb2RlCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD02OTg5NworCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorICAgICAgICAKKyAgICAgICAgQWJzdHJhY3QgdmFsdWUgZmlsdHJh dGlvbiBkaWRuJ3QgdGFrZSBpbnRvIGFjY291bnQgY2FzZXMgd2hlcmUgYSBzdHJ1Y3R1cmUKKyAg ICAgICAgc2V0IGZpbHRlciwgY29tYmluZWQgd2l0aCBwcmVkaWN0ZWQgdHlwZSBrbm93bGVkZ2Us IGNvdWxkIGxlYWQgdG8gYSBzdHJvbmdlcgorICAgICAgICBmaWx0ZXIgZm9yIHRoZSBzdHJ1Y3R1 cmUgYWJzdHJhY3QgdmFsdWUuCisgICAgICAgIAorICAgICAgICBUaGlzIGJ1ZyB3b3VsZCBoYXZl IGJlZW4gYmVuaWduIGluIHJlbGVhc2UgYnVpbGRzOyBpdCB3b3VsZCBoYXZlIGp1c3QgbWVhbnQK KyAgICAgICAgdGhhdCB0aGUgYW5hbHlzaXMgd2FzIGxlc3MgcHJlY2lzZSBhbmQgc29tZSBvcHRp bWl6YXRpb24gb3Bwb3J0dW5pdGllcyB3b3VsZAorICAgICAgICBiZSBtaXNzZWQuIEkgaGF2ZSBh biBBU1NFUlQgdGhhdCBpcyBtZWFudCB0byBjYXRjaCBzdWNoIGNhc2VzLCBhbmQgaXQgd2FzCisg ICAgICAgIHRyaWdnZXJpbmcgc3BvcmFkaWNhbGx5IGluIG9uZSBvZiB0aGUgTGF5b3V0VGVzdHMu CisKKyAgICAgICAgKiBkZmcvREZHQWJzdHJhY3RWYWx1ZS5oOgorICAgICAgICAoSlNDOjpERkc6 OkFic3RyYWN0VmFsdWU6OmZpbHRlcik6CisKIDIwMTEtMTAtMTEgIEdhdmluIEJhcnJhY2xvdWdo ICA8YmFyYWNsb3VnaEBhcHBsZS5jb20+CiAKICAgICAgICAgVW5yZXZpZXdlZCwgdGVtcG9yYXJp bHkgcmV2ZXJ0ZWQgcjk3MjE2IGR1ZSB0byBidWcgIzY5ODk3LgpJbmRleDogU291cmNlL0phdmFT Y3JpcHRDb3JlL2RmZy9ERkdBYnN0cmFjdFZhbHVlLmgKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0ph dmFTY3JpcHRDb3JlL2RmZy9ERkdBYnN0cmFjdFZhbHVlLmgJKHJldmlzaW9uIDk3MjM1KQorKysg U291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdBYnN0cmFjdFZhbHVlLmgJKHdvcmtpbmcgY29w eSkKQEAgLTQwMiw2ICs0MDIsMTMgQEAgc3RydWN0IEFic3RyYWN0VmFsdWUgewogICAgIHsKICAg ICAgICAgbV90eXBlICY9IG90aGVyLnByZWRpY3Rpb25Gcm9tU3RydWN0dXJlcygpOwogICAgICAg ICBtX3N0cnVjdHVyZS5maWx0ZXIob3RoZXIpOworICAgICAgICAKKyAgICAgICAgLy8gSXQncyBw b3NzaWJsZSB0aGF0IHByaW9yIHRvIHRoZSBhYm92ZSB0d28gc3RhdGVtZW50cyB3ZSBoYWQgKEZv bywgVE9QKSwgd2hlcmUKKyAgICAgICAgLy8gRm9vIGlzIGEgUHJlZGljdGVkVHlwZSB0aGF0IGlz IGRpc2pvaW50IHdpdGggdGhlIHBhc3NlZCBTdHJ1Y3R1cmVTZXQuIEluIHRoYXQKKyAgICAgICAg Ly8gY2FzZSwgd2Ugd2lsbCBub3cgaGF2ZSAoTm9uZSwgW3NvbWVTdHJ1Y3R1cmVdKS4gSW4gZ2Vu ZXJhbCwgd2UgbmVlZCB0byBtYWtlCisgICAgICAgIC8vIHN1cmUgdGhhdCBuZXcgaW5mb3JtYXRp b24gZ2xlYW5lZCBmcm9tIHRoZSBQcmVkaWN0ZWRUeXBlIG5lZWRzIHRvIGJlIGZlZCBiYWNrCisg ICAgICAgIC8vIGludG8gdGhlIGluZm9ybWF0aW9uIGdsZWFuZWQgZnJvbSB0aGUgU3RydWN0dXJl U2V0LgorICAgICAgICBtX3N0cnVjdHVyZS5maWx0ZXIobV90eXBlKTsKICAgICB9CiAgICAgCiAg ICAgdm9pZCBmaWx0ZXIoUHJlZGljdGVkVHlwZSB0eXBlKQo=