Bug 132378

Summary: js/dfg-create-inlined-arguments-in-closure-inline.html flakily crashes under ClosureCallStubRoutine::structure()
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: fpizlo, ggaren
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Alexey Proskuryakov 2014-04-29 23:19:04 PDT 
Happens on bot, and reproducible locally:

run-webkit-tests js/dfg-create-inlined-arguments-in-closure-inline.html --repeat-each 1000

Thread 10 Crashed:: JSC Compilation Thread
0   com.apple.JavaScriptCore      	0x000000010303e4b0 JSC::WriteBarrierBase<JSC::Structure>::get() const + 16 (WriteBarrier.h:92)
1   com.apple.JavaScriptCore      	0x00000001030c968c JSC::ClosureCallStubRoutine::structure() const + 28 (ClosureCallStubRoutine.h:44)
2   com.apple.JavaScriptCore      	0x00000001030cb827 JSC::CallLinkStatus::computeFor(JSC::ConcurrentJITLocker const&, JSC::CallLinkInfo&) + 151 (CallLinkStatus.cpp:156)
3   com.apple.JavaScriptCore      	0x00000001030cb6bc JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, unsigned int, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&) + 396 (CallLinkStatus.cpp:136)
4   com.apple.JavaScriptCore      	0x00000001030cbcc4 JSC::CallLinkStatus::computeFor(JSC::CodeBlock*, JSC::CodeOrigin, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkInfo*, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkInfo*> > const&, WTF::HashMap<JSC::CodeOrigin, JSC::CallLinkStatus, JSC::CodeOriginApproximateHash, WTF::HashTraits<JSC::CodeOrigin>, WTF::HashTraits<JSC::CallLinkStatus> > const&) + 212 (CallLinkStatus.cpp:238)
5   com.apple.JavaScriptCore      	0x0000000103189e79 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CodeSpecializationKind, unsigned int, int, int, int) + 441 (DFGByteCodeParser.cpp:1211)
Comment 1 Alexey Proskuryakov 2014-04-29 23:19:23 PDT 
<rdar://problem/16766362>
Comment 2 Geoffrey Garen 2014-04-30 11:44:33 PDT 
Please don't use the word "flaky". It is a cancer on the mind.
Comment 3 Alexey Proskuryakov 2014-04-30 11:59:55 PDT 
Please don't randomly remove relevant information from bug titles. If you can come up with a better way to describe the situation, let's discuss that on webkit-dev.

I also don't agree with your negative characterization of "flakily crashes". "Flaky test" is a misleading concept, but "flakily crashing" is relevant factual information.