Bug 132378
| Summary: | js/dfg-create-inlined-arguments-in-closure-inline.html flakily crashes under ClosureCallStubRoutine::structure() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Alexey Proskuryakov <ap> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | fpizlo, ggaren |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Alexey Proskuryakov
Happens on bot, and reproducible locally:
run-webkit-tests js/dfg-create-inlined-arguments-in-closure-inline.html --repeat-each 1000
Thread 10 Crashed:: JSC Compilation Thread
0 com.apple.JavaScriptCore 0x000000010303e4b0 JSC::WriteBarrierBase<JSC::Structure>::get() const + 16 (WriteBarrier.h:92)
1 com.apple.JavaScriptCore 0x00000001030c968c JSC::ClosureCallStubRoutine::structure() const + 28 (ClosureCallStubRoutine.h:44)
2 com.apple.JavaScriptCore 0x00000001030cb827 JSC::CallLinkStatus::computeFor(JSC::ConcurrentJITLocker const&, JSC::CallLinkInfo&) + 151 (CallLinkStatus.cpp:156)
3 com.apple.JavaScriptCore 0x00000001030cb6bc JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, unsigned int, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&) + 396 (CallLinkStatus.cpp:136)
4 com.apple.JavaScriptCore 0x00000001030cbcc4 JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, JSC::CodeOrigin, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkStatus, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkStatus> > const&) + 212 (CallLinkStatus.cpp:238)
5 com.apple.JavaScriptCore 0x0000000103189e79 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 441 (DFGByteCodeParser.cpp:1211)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
<rdar://problem/16766362>
Geoffrey Garen
Please don't use the word "flaky". It is a cancer on the mind.
Alexey Proskuryakov
Please don't randomly remove relevant information from bug titles. If you can come up with a better way to describe the situation, let's discuss that on webkit-dev.
I also don't agree with your negative characterization of "flakily crashes". "Flaky test" is a misleading concept, but "flakily crashing" is relevant factual information.