71045 2011-10-27 11:58:05 -0700 Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic 2011-10-27 15:19:41 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac (Intel) OS X 10.7 RESOLVED FIXED http://build.webkit.org/TestFailures/garden-o-matic.html InRadar P2 Normal --- 1 aroben webkit-unassigned barraclough fpizlo ggaren mhahnenberg oliver webkit-bug-importer oldest_to_newest 491787 0 aroben 2011-10-27 11:58:05 -0700 To reproduce: 1. Go to http://build.webkit.org/TestFailures/garden-o-matic.html You'll crash! Here's the backtrace: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010a2fb587 JSC::Structure::materializePropertyMap(JSC::JSGlobalData&) + 343 1 com.apple.JavaScriptCore 0x000000010a3c0adb JSC::DFG::ByteCodeParser::parseBlock(unsigned int) + 12971 2 com.apple.JavaScriptCore 0x000000010a3bd5d3 JSC::DFG::ByteCodeParser::parseCodeBlock() + 1203 3 com.apple.JavaScriptCore 0x000000010a3c22bf JSC::DFG::ByteCodeParser::parse() + 79 4 com.apple.JavaScriptCore 0x000000010a3c2499 JSC::DFG::parse(JSC::DFG::Graph&, JSC::JSGlobalData*, JSC::CodeBlock*) + 41 5 com.apple.JavaScriptCore 0x000000010a3a70de JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*) + 750 6 com.apple.JavaScriptCore 0x000000010a3a6de7 JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 23 7 com.apple.JavaScriptCore 0x000000010a3dbf31 JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType) + 385 8 com.apple.JavaScriptCore 0x000000010a3efb7d cti_optimize_from_ret + 253 9 ??? 0x000037cc8c4ed70e 0 + 61351666833166 10 com.apple.JavaScriptCore 0x000000010a2e383d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1421 11 com.apple.JavaScriptCore 0x000000010a2e32ad JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 45 12 com.apple.WebCore 0x000000010a63d6d1 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1153 13 com.apple.WebCore 0x000000010a63d184 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 356 14 com.apple.WebCore 0x000000010a5f4bfd WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 141 15 com.apple.WebCore 0x000000010a83b28d WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 61 16 com.apple.WebCore 0x000000010a83b043 WebCore::XMLHttpRequest::callReadyStateChangeListener() + 339 17 com.apple.WebCore 0x000000010a83e847 WebCore::XMLHttpRequest::didFinishLoading(unsigned long, double) + 407 18 com.apple.WebCore 0x000000010ac5aafa WebCore::DocumentThreadableLoader::notifyFinished(WebCore::CachedResource*) + 426 19 com.apple.WebCore 0x000000010a661d37 WebCore::CachedResource::checkNotify() + 151 20 com.apple.WebCore 0x000000010ac0aa05 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 453 21 com.apple.WebCore 0x000000010a65e64a WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) + 202 22 com.apple.WebCore 0x000000010a65e4f8 WebCore::SubresourceLoader::didFinishLoading(double) + 56 491788 1 webkit-bug-importer 2011-10-27 11:58:54 -0700 <rdar://problem/10356412> 491792 2 aroben 2011-10-27 12:01:48 -0700 I'm currently using a Release build from r98588. 491872 3 fpizlo 2011-10-27 13:29:31 -0700 Yup, I can see it in ToT. Investigating... 491883 4 fpizlo 2011-10-27 13:40:32 -0700 This looks like continued sloppiness in JSC::Structure's management of the property table. It sometimes creates structures marked pinned (meaning that they have a property table) but then never creates the property table. I don't see a good testing strategy to repro this particular case, because the garden-o-matic code seems to only trigger the bug by happening to run code in such an order, and with such frequency, that tiered compilation ends up accidentally poking and prodding JSC::Structure at just the right times to get this to appear. On the other hand, if I add a simple assertion in a few places that says "if you're pinned you must have a property table", then I can get JavaScriptCore to crash while allocating a JSDOMWindowShell. I'm slowly prodding along now, making sure that all of the places that pin structures also force an allocation of the property table... Thereafter so long as nobody removes my assertions, any regressions should be detectable when you try to run any script. 491913 5 112745 fpizlo 2011-10-27 13:57:14 -0700 Created attachment 112745 the patch 491926 6 112745 ggaren 2011-10-27 14:06:41 -0700 Comment on attachment 112745 the patch r=me 492000 7 fpizlo 2011-10-27 15:07:41 -0700 Sadly, this is a slight slow-down on SunSpider. But it is quite small, and it doesn't show up in other benchmarks, so the fix is likely worth it. Benchmark report for SunSpider, V8, and Kraken. VMs tested: "TipOfTree" at /Volumes/Data/pizlo/tertiary/OpenSource/WebKitBuild/Release/jsc "FixStructPin" at /Volumes/Data/pizlo/secondary/OpenSource/WebKitBuild/Release/jsc Collected 30 samples per benchmark/VM, with 10 VM invocations per benchmark. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime() function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in milliseconds. TipOfTree FixStructPin SunSpider: 3d-cube 7.9432+-0.0276 7.9117+-0.0268 3d-morph 8.5105+-0.0784 ^ 8.4044+-0.0181 ^ definitely 1.0126x faster 3d-raytrace 8.2174+-0.0432 8.1745+-0.0613 access-binary-trees 1.7146+-0.0143 ^ 1.6905+-0.0038 ^ definitely 1.0143x faster access-fannkuch 7.7460+-0.0093 ? 7.7609+-0.0059 ? access-nbody 4.5315+-0.0072 ? 4.5358+-0.0143 ? access-nsieve 3.2009+-0.0146 3.1979+-0.0179 bitops-3bit-bits-in-byte 1.3244+-0.0089 1.3130+-0.0043 bitops-bits-in-byte 5.2687+-0.0205 ? 5.2824+-0.0112 ? bitops-bitwise-and 3.4350+-0.0401 ? 3.4352+-0.0363 ? bitops-nsieve-bits 5.6555+-0.0224 5.6529+-0.0216 controlflow-recursive 2.3330+-0.0037 ? 2.3410+-0.0106 ? crypto-aes 7.6497+-0.0420 7.6323+-0.0484 crypto-md5 2.8601+-0.0087 ? 2.8605+-0.0145 ? crypto-sha1 2.6354+-0.0067 2.6312+-0.0071 date-format-tofte 10.5632+-0.0460 ! 10.6605+-0.0460 ! definitely 1.0092x slower date-format-xparb 9.9720+-0.1549 ? 10.1731+-0.1275 ? might be 1.0202x slower math-cordic 7.5686+-0.1547 ? 7.7440+-0.1560 ? might be 1.0232x slower math-partial-sums 10.6938+-0.1189 10.5761+-0.0265 might be 1.0111x faster math-spectral-norm 2.8803+-0.0045 2.8773+-0.0042 regexp-dna 13.4070+-0.1127 13.3740+-0.1064 string-base64 4.4634+-0.0362 4.4469+-0.0125 string-fasta 7.1400+-0.0245 ? 7.1445+-0.0361 ? string-tagcloud 13.3047+-0.0816 13.1774+-0.0828 string-unpack-code 22.7366+-0.1591 ! 23.6213+-0.1312 ! definitely 1.0389x slower string-validate-input 5.6028+-0.0248 ! 5.6641+-0.0201 ! definitely 1.0109x slower <arithmetic> * 6.9753+-0.0162 ! 7.0109+-0.0168 ! definitely 1.0051x slower <geometric> 5.6425+-0.0108 ? 5.6500+-0.0114 ? <harmonic> 4.4692+-0.0079 4.4621+-0.0084 TipOfTree FixStructPin V8: crypto 81.1896+-0.1168 ? 81.3671+-0.1623 ? deltablue 199.3296+-1.0399 198.1822+-0.9440 earley-boyer 111.8989+-0.4461 ! 113.1431+-0.5304 ! definitely 1.0111x slower raytrace 69.7200+-0.1919 ? 69.9946+-0.2200 ? regexp 123.9281+-0.2393 ! 124.4909+-0.2948 ! definitely 1.0045x slower richards 145.2759+-0.4161 ? 145.8049+-0.3323 ? splay 125.6654+-0.2809 ^ 121.0977+-0.2940 ^ definitely 1.0377x faster <arithmetic> 122.4296+-0.2022 ^ 122.0115+-0.1650 ^ definitely 1.0034x faster <geometric> * 116.1735+-0.1607 115.8837+-0.1459 <harmonic> 110.1899+-0.1402 110.0394+-0.1449 TipOfTree FixStructPin Kraken: ai-astar 830.8233+-4.4071 ? 835.0350+-0.5160 ? audio-beat-detection 213.1762+-0.6769 ? 213.2899+-1.0087 ? audio-dft 263.5786+-2.6509 262.5557+-1.3202 audio-fft 133.2385+-0.3857 133.0737+-0.2631 audio-oscillator 291.6292+-0.6770 ? 291.8211+-0.7753 ? imaging-darkroom 456.8501+-10.0365 450.3742+-3.3700 might be 1.0144x faster imaging-desaturate 245.3833+-0.2843 245.2521+-0.0855 imaging-gaussian-blur 622.0908+-0.8585 621.7663+-0.4884 json-parse-financial 69.8525+-0.1532 ! 72.4779+-0.1186 ! definitely 1.0376x slower json-stringify-tinderbox 79.5813+-0.1407 79.2584+-0.1880 stanford-crypto-aes 153.7820+-1.0984 ^ 151.5146+-0.9335 ^ definitely 1.0150x faster stanford-crypto-ccm 116.4856+-0.6340 115.7287+-0.4401 stanford-crypto-pbkdf2 236.9247+-1.5438 234.8863+-0.8870 stanford-crypto-sha256-iterative 85.3753+-0.1279 ^ 85.0792+-0.1425 ^ definitely 1.0035x faster <arithmetic> * 271.3408+-0.6121 270.8652+-0.2501 <geometric> 206.3747+-0.3980 206.1808+-0.1924 <harmonic> 162.0133+-0.2066 ? 162.3857+-0.1775 ? TipOfTree FixStructPin All benchmarks: <arithmetic> 102.9178+-0.1943 102.7336+-0.0848 <geometric> 25.8670+-0.0388 ? 25.8691+-0.0339 ? <harmonic> 7.8760+-0.0137 7.8638+-0.0145 TipOfTree FixStructPin Geomean of preferred means: <scaled-result> 60.3568+-0.0888 ? 60.3736+-0.0661 ? 492002 8 112745 fpizlo 2011-10-27 15:08:23 -0700 Comment on attachment 112745 the patch Clearing commit flag because I'm still running a few more tests, and I'll land manually once (if) I'm satisfied. 492010 9 fpizlo 2011-10-27 15:19:41 -0700 Landed in http://trac.webkit.org/changeset/98647 112745 2011-10-27 13:57:14 -0700 2011-10-27 15:08:23 -0700 the patch fixstructpin_patch_1.diff text/plain 6267 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTg2MzIpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjUgQEAK KzIwMTEtMTAtMjcgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworICAgICAgICBD cmFzaCBpbiBKU0M6OlN0cnVjdHVyZTo6bWF0ZXJpYWxpemVQcm9wZXJ0eU1hcCB3aGVuIHZpZXdp bmcgR2FyZGVuLU8tTWF0aWMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19i dWcuY2dpP2lkPTcxMDQ1CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisg ICAgICAgIAorICAgICAgICBNYWtlIHN1cmUgdGhhdCBpZiBhIHN0cnVjdHVyZSBpcyBwaW5uZWQs IGl0IGFsc28gaGFzIGEgcHJvcGVydHkgbWFwLgorCisgICAgICAgICogcnVudGltZS9TdHJ1Y3R1 cmUuY3BwOgorICAgICAgICAoSlNDOjpTdHJ1Y3R1cmU6OmNoYW5nZVByb3RvdHlwZVRyYW5zaXRp b24pOgorICAgICAgICAoSlNDOjpTdHJ1Y3R1cmU6OmRlc3BlY2lmeUZ1bmN0aW9uVHJhbnNpdGlv bik6CisgICAgICAgIChKU0M6OlN0cnVjdHVyZTo6Z2V0dGVyU2V0dGVyVHJhbnNpdGlvbik6Cisg ICAgICAgIChKU0M6OlN0cnVjdHVyZTo6dG9EaWN0aW9uYXJ5VHJhbnNpdGlvbik6CisgICAgICAg IChKU0M6OlN0cnVjdHVyZTo6cHJldmVudEV4dGVuc2lvbnNUcmFuc2l0aW9uKToKKyAgICAgICAg KEpTQzo6U3RydWN0dXJlOjphZGRQcm9wZXJ0eVdpdGhvdXRUcmFuc2l0aW9uKToKKyAgICAgICAg KEpTQzo6U3RydWN0dXJlOjpyZW1vdmVQcm9wZXJ0eVdpdGhvdXRUcmFuc2l0aW9uKToKKyAgICAg ICAgKEpTQzo6U3RydWN0dXJlOjpwaW4pOgorICAgICAgICAoSlNDOjpTdHJ1Y3R1cmU6OmNvcHlQ cm9wZXJ0eVRhYmxlRm9yUGlubmluZyk6CisgICAgICAgICogcnVudGltZS9TdHJ1Y3R1cmUuaDoK KyAgICAgICAgKEpTQzo6U3RydWN0dXJlOjptYXRlcmlhbGl6ZVByb3BlcnR5TWFwSWZOZWNlc3Nh cnlGb3JQaW5uaW5nKToKKwogMjAxMS0xMC0yNyAgR3VzdGF2byBOb3JvbmhhIFNpbHZhICA8Z25z QGdub21lLm9yZz4KIAogICAgICAgICBGaXggYnVpbGRpbmcgb24gR05VL2tGcmVlQlNECkluZGV4 OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9TdHJ1Y3R1cmUuY3BwCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1N0cnVjdHVyZS5jcHAJKHJldmlzaW9u IDk4NjIyKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvU3RydWN0dXJlLmNwcAko d29ya2luZyBjb3B5KQpAQCAtMzcxLDcgKzM3MSw3IEBAIFN0cnVjdHVyZSogU3RydWN0dXJlOjpj aGFuZ2VQcm90b3R5cGVUcmEKICAgICAvLyBEb24ndCBzZXQgbV9vZmZzZXQsIGFzIG9uZSBjYW4g bm90IHRyYW5zaXRpb24gdG8gdGhpcy4KIAogICAgIHN0cnVjdHVyZS0+bWF0ZXJpYWxpemVQcm9w ZXJ0eU1hcElmTmVjZXNzYXJ5KGdsb2JhbERhdGEpOwotICAgIHRyYW5zaXRpb24tPm1fcHJvcGVy dHlUYWJsZSA9IHN0cnVjdHVyZS0+Y29weVByb3BlcnR5VGFibGUoZ2xvYmFsRGF0YSwgdHJhbnNp dGlvbik7CisgICAgdHJhbnNpdGlvbi0+bV9wcm9wZXJ0eVRhYmxlID0gc3RydWN0dXJlLT5jb3B5 UHJvcGVydHlUYWJsZUZvclBpbm5pbmcoZ2xvYmFsRGF0YSwgdHJhbnNpdGlvbik7CiAgICAgdHJh bnNpdGlvbi0+cGluKCk7CiAKICAgICByZXR1cm4gdHJhbnNpdGlvbjsKQEAgLTM4Nyw3ICszODcs NyBAQCBTdHJ1Y3R1cmUqIFN0cnVjdHVyZTo6ZGVzcGVjaWZ5RnVuY3Rpb25UCiAgICAgLy8gRG9u J3Qgc2V0IG1fb2Zmc2V0LCBhcyBvbmUgY2FuIG5vdCB0cmFuc2l0aW9uIHRvIHRoaXMuCiAKICAg ICBzdHJ1Y3R1cmUtPm1hdGVyaWFsaXplUHJvcGVydHlNYXBJZk5lY2Vzc2FyeShnbG9iYWxEYXRh KTsKLSAgICB0cmFuc2l0aW9uLT5tX3Byb3BlcnR5VGFibGUgPSBzdHJ1Y3R1cmUtPmNvcHlQcm9w ZXJ0eVRhYmxlKGdsb2JhbERhdGEsIHRyYW5zaXRpb24pOworICAgIHRyYW5zaXRpb24tPm1fcHJv cGVydHlUYWJsZSA9IHN0cnVjdHVyZS0+Y29weVByb3BlcnR5VGFibGVGb3JQaW5uaW5nKGdsb2Jh bERhdGEsIHRyYW5zaXRpb24pOwogICAgIHRyYW5zaXRpb24tPnBpbigpOwogCiAgICAgaWYgKHRy YW5zaXRpb24tPm1fc3BlY2lmaWNGdW5jdGlvblRocmFzaENvdW50ID09IG1heFNwZWNpZmljRnVu Y3Rpb25UaHJhc2hDb3VudCkKQEAgLTQwNyw3ICs0MDcsNyBAQCBTdHJ1Y3R1cmUqIFN0cnVjdHVy ZTo6Z2V0dGVyU2V0dGVyVHJhbnNpCiAgICAgLy8gRG9uJ3Qgc2V0IG1fb2Zmc2V0LCBhcyBvbmUg Y2FuIG5vdCB0cmFuc2l0aW9uIHRvIHRoaXMuCiAKICAgICBzdHJ1Y3R1cmUtPm1hdGVyaWFsaXpl UHJvcGVydHlNYXBJZk5lY2Vzc2FyeShnbG9iYWxEYXRhKTsKLSAgICB0cmFuc2l0aW9uLT5tX3By b3BlcnR5VGFibGUgPSBzdHJ1Y3R1cmUtPmNvcHlQcm9wZXJ0eVRhYmxlKGdsb2JhbERhdGEsIHRy YW5zaXRpb24pOworICAgIHRyYW5zaXRpb24tPm1fcHJvcGVydHlUYWJsZSA9IHN0cnVjdHVyZS0+ Y29weVByb3BlcnR5VGFibGVGb3JQaW5uaW5nKGdsb2JhbERhdGEsIHRyYW5zaXRpb24pOwogICAg IHRyYW5zaXRpb24tPnBpbigpOwogCiAgICAgcmV0dXJuIHRyYW5zaXRpb247CkBAIC00MjAsNyAr NDIwLDcgQEAgU3RydWN0dXJlKiBTdHJ1Y3R1cmU6OnRvRGljdGlvbmFyeVRyYW5zaQogICAgIFN0 cnVjdHVyZSogdHJhbnNpdGlvbiA9IGNyZWF0ZShnbG9iYWxEYXRhLCBzdHJ1Y3R1cmUpOwogCiAg ICAgc3RydWN0dXJlLT5tYXRlcmlhbGl6ZVByb3BlcnR5TWFwSWZOZWNlc3NhcnkoZ2xvYmFsRGF0 YSk7Ci0gICAgdHJhbnNpdGlvbi0+bV9wcm9wZXJ0eVRhYmxlID0gc3RydWN0dXJlLT5jb3B5UHJv cGVydHlUYWJsZShnbG9iYWxEYXRhLCB0cmFuc2l0aW9uKTsKKyAgICB0cmFuc2l0aW9uLT5tX3By b3BlcnR5VGFibGUgPSBzdHJ1Y3R1cmUtPmNvcHlQcm9wZXJ0eVRhYmxlRm9yUGlubmluZyhnbG9i YWxEYXRhLCB0cmFuc2l0aW9uKTsKICAgICB0cmFuc2l0aW9uLT5tX2RpY3Rpb25hcnlLaW5kID0g a2luZDsKICAgICB0cmFuc2l0aW9uLT5waW4oKTsKIApAQCAtNDczLDcgKzQ3Myw3IEBAIFN0cnVj dHVyZSogU3RydWN0dXJlOjpwcmV2ZW50RXh0ZW5zaW9uc1QKICAgICAvLyBEb24ndCBzZXQgbV9v ZmZzZXQsIGFzIG9uZSBjYW4gbm90IHRyYW5zaXRpb24gdG8gdGhpcy4KIAogICAgIHN0cnVjdHVy ZS0+bWF0ZXJpYWxpemVQcm9wZXJ0eU1hcElmTmVjZXNzYXJ5KGdsb2JhbERhdGEpOwotICAgIHRy YW5zaXRpb24tPm1fcHJvcGVydHlUYWJsZSA9IHN0cnVjdHVyZS0+Y29weVByb3BlcnR5VGFibGUo Z2xvYmFsRGF0YSwgdHJhbnNpdGlvbik7CisgICAgdHJhbnNpdGlvbi0+bV9wcm9wZXJ0eVRhYmxl ID0gc3RydWN0dXJlLT5jb3B5UHJvcGVydHlUYWJsZUZvclBpbm5pbmcoZ2xvYmFsRGF0YSwgdHJh bnNpdGlvbik7CiAgICAgdHJhbnNpdGlvbi0+bV9wcmV2ZW50RXh0ZW5zaW9ucyA9IHRydWU7CiAg ICAgdHJhbnNpdGlvbi0+cGluKCk7CiAKQEAgLTU1MSw3ICs1NTEsNyBAQCBzaXplX3QgU3RydWN0 dXJlOjphZGRQcm9wZXJ0eVdpdGhvdXRUcmFuCiAgICAgaWYgKG1fc3BlY2lmaWNGdW5jdGlvblRo cmFzaENvdW50ID09IG1heFNwZWNpZmljRnVuY3Rpb25UaHJhc2hDb3VudCkKICAgICAgICAgc3Bl Y2lmaWNWYWx1ZSA9IDA7CiAKLSAgICBtYXRlcmlhbGl6ZVByb3BlcnR5TWFwSWZOZWNlc3Nhcnko Z2xvYmFsRGF0YSk7CisgICAgbWF0ZXJpYWxpemVQcm9wZXJ0eU1hcElmTmVjZXNzYXJ5Rm9yUGlu bmluZyhnbG9iYWxEYXRhKTsKICAgICAKICAgICBwaW4oKTsKIApAQCAtNTY2LDcgKzU2Niw3IEBA IHNpemVfdCBTdHJ1Y3R1cmU6OnJlbW92ZVByb3BlcnR5V2l0aG91dFQKICAgICBBU1NFUlQoaXNV bmNhY2hlYWJsZURpY3Rpb25hcnkoKSk7CiAgICAgQVNTRVJUKCFtX2VudW1lcmF0aW9uQ2FjaGUp OwogCi0gICAgbWF0ZXJpYWxpemVQcm9wZXJ0eU1hcElmTmVjZXNzYXJ5KGdsb2JhbERhdGEpOwor ICAgIG1hdGVyaWFsaXplUHJvcGVydHlNYXBJZk5lY2Vzc2FyeUZvclBpbm5pbmcoZ2xvYmFsRGF0 YSk7CiAKICAgICBwaW4oKTsKICAgICBzaXplX3Qgb2Zmc2V0ID0gcmVtb3ZlKHByb3BlcnR5TmFt ZSk7CkBAIC01NzUsNiArNTc1LDcgQEAgc2l6ZV90IFN0cnVjdHVyZTo6cmVtb3ZlUHJvcGVydHlX aXRob3V0VAogCiB2b2lkIFN0cnVjdHVyZTo6cGluKCkKIHsKKyAgICBBU1NFUlQobV9wcm9wZXJ0 eVRhYmxlKTsKICAgICBtX2lzUGlubmVkUHJvcGVydHlUYWJsZSA9IHRydWU7CiAgICAgbV9wcmV2 aW91cy5jbGVhcigpOwogICAgIG1fbmFtZUluUHJldmlvdXMuY2xlYXIoKTsKQEAgLTYxMiw2ICs2 MTMsMTEgQEAgUGFzc093blB0cjxQcm9wZXJ0eVRhYmxlPiBTdHJ1Y3R1cmU6OmNvcAogICAgIHJl dHVybiBhZG9wdFB0cihtX3Byb3BlcnR5VGFibGUgPyBuZXcgUHJvcGVydHlUYWJsZShnbG9iYWxE YXRhLCBvd25lciwgKm1fcHJvcGVydHlUYWJsZSkgOiAwKTsKIH0KIAorUGFzc093blB0cjxQcm9w ZXJ0eVRhYmxlPiBTdHJ1Y3R1cmU6OmNvcHlQcm9wZXJ0eVRhYmxlRm9yUGlubmluZyhKU0dsb2Jh bERhdGEmIGdsb2JhbERhdGEsIFN0cnVjdHVyZSogb3duZXIpCit7CisgICAgcmV0dXJuIGFkb3B0 UHRyKG1fcHJvcGVydHlUYWJsZSA/IG5ldyBQcm9wZXJ0eVRhYmxlKGdsb2JhbERhdGEsIG93bmVy LCAqbV9wcm9wZXJ0eVRhYmxlKSA6IG5ldyBQcm9wZXJ0eVRhYmxlKG1fb2Zmc2V0ID09IG5vT2Zm c2V0ID8gMCA6IG1fb2Zmc2V0KSk7Cit9CisKIHNpemVfdCBTdHJ1Y3R1cmU6OmdldChKU0dsb2Jh bERhdGEmIGdsb2JhbERhdGEsIFN0cmluZ0ltcGwqIHByb3BlcnR5TmFtZSwgdW5zaWduZWQmIGF0 dHJpYnV0ZXMsIEpTQ2VsbComIHNwZWNpZmljVmFsdWUpCiB7CiAgICAgbWF0ZXJpYWxpemVQcm9w ZXJ0eU1hcElmTmVjZXNzYXJ5KGdsb2JhbERhdGEpOwpJbmRleDogU291cmNlL0phdmFTY3JpcHRD b3JlL3J1bnRpbWUvU3RydWN0dXJlLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRD b3JlL3J1bnRpbWUvU3RydWN0dXJlLmgJKHJldmlzaW9uIDk4NjIyKQorKysgU291cmNlL0phdmFT Y3JpcHRDb3JlL3J1bnRpbWUvU3RydWN0dXJlLmgJKHdvcmtpbmcgY29weSkKQEAgLTIzMCw2ICsy MzAsNyBAQCBuYW1lc3BhY2UgSlNDIHsKICAgICAgICAgdm9pZCBkZXNwZWNpZnlBbGxGdW5jdGlv bnMoSlNHbG9iYWxEYXRhJik7CiAKICAgICAgICAgUGFzc093blB0cjxQcm9wZXJ0eVRhYmxlPiBj b3B5UHJvcGVydHlUYWJsZShKU0dsb2JhbERhdGEmLCBTdHJ1Y3R1cmUqIG93bmVyKTsKKyAgICAg ICAgUGFzc093blB0cjxQcm9wZXJ0eVRhYmxlPiBjb3B5UHJvcGVydHlUYWJsZUZvclBpbm5pbmco SlNHbG9iYWxEYXRhJiwgU3RydWN0dXJlKiBvd25lcik7CiAgICAgICAgIHZvaWQgbWF0ZXJpYWxp emVQcm9wZXJ0eU1hcChKU0dsb2JhbERhdGEmKTsKICAgICAgICAgdm9pZCBtYXRlcmlhbGl6ZVBy b3BlcnR5TWFwSWZOZWNlc3NhcnkoSlNHbG9iYWxEYXRhJiBnbG9iYWxEYXRhKQogICAgICAgICB7 CkBAIC0yMzcsNiArMjM4LDEyIEBAIG5hbWVzcGFjZSBKU0MgewogICAgICAgICAgICAgaWYgKCFt X3Byb3BlcnR5VGFibGUgJiYgbV9wcmV2aW91cykKICAgICAgICAgICAgICAgICBtYXRlcmlhbGl6 ZVByb3BlcnR5TWFwKGdsb2JhbERhdGEpOwogICAgICAgICB9CisgICAgICAgIHZvaWQgbWF0ZXJp YWxpemVQcm9wZXJ0eU1hcElmTmVjZXNzYXJ5Rm9yUGlubmluZyhKU0dsb2JhbERhdGEmIGdsb2Jh bERhdGEpCisgICAgICAgIHsKKyAgICAgICAgICAgIEFTU0VSVChzdHJ1Y3R1cmUoKS0+Y2xhc3NJ bmZvKCkgPT0gJnNfaW5mbyk7CisgICAgICAgICAgICBpZiAoIW1fcHJvcGVydHlUYWJsZSkKKyAg ICAgICAgICAgICAgICBtYXRlcmlhbGl6ZVByb3BlcnR5TWFwKGdsb2JhbERhdGEpOworICAgICAg ICB9CiAKICAgICAgICAgaW50IHRyYW5zaXRpb25Db3VudCgpIGNvbnN0CiAgICAgICAgIHsK