Bug 137404

Summary: REGRESSION(r174226): [JSC] Crash when running the perf test Speedometer/Full.html
Product: WebKit Reporter: Carlos Alberto Lopez Perez <clopez>
Component: JavaScriptCoreAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, oliver, ossy, rniwa, SlaunchaMan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 136869    
Attachments:
Description Flags
GDB Backtrace for the GTK port when running the perft test Speedometer/Full.html
none
Patch msaboff: review+

Carlos Alberto Lopez Perez
Reported 2014-10-03 14:16:42 PDT
The performance test Speedometer/Full.html is crashing since r174226 <http://trac.webkit.org/r174226> I have double checked this: locally reverting r174226 fixes the issue. I'm attaching a backtrace from the GTK port that I obtained running the following command on r174267: $ Tools/Scripts/run-perf-tests --platform gtk --release -2 Speedometer/Full.html The issue is not GTK specific, it happens on all platforms: * https://build.webkit.org/builders/Apple%20MountainLion%20Release%20%28Perf%29/builds/10186 * https://build.webkit.org/builders/Apple%20Mavericks%20Release%20%28Perf%29/builds/2725 * https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/3378 * https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/944
Attachments
GDB Backtrace for the GTK port when running the perft test Speedometer/Full.html (17.77 KB, text/plain)
2014-10-03 14:17 PDT, Carlos Alberto Lopez Perez 		no flags
Details
Patch (7.90 KB, patch)
2014-10-06 11:36 PDT, Oliver Hunt 		msaboff: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Alberto Lopez Perez
Comment 1 2014-10-03 14:17:36 PDT
Created attachment 239235 [details] GDB Backtrace for the GTK port when running the perft test Speedometer/Full.html
Oliver Hunt
Comment 2 2014-10-03 14:28:26 PDT
investigating
Alexey Proskuryakov
Comment 3 2014-10-03 19:31:35 PDT
#0 0x00007f9b78a7c96d in JSC::ExecState::lexicalEnvironment() const () #1 0x00007f9b78b7f20c in JSC::Arguments::getOwnPropertySlotByIndex(JSC::JSObject*, JSC::ExecState*, unsigned int, JSC::PropertySlot&) () #2 0x00007f9b78d2c3b5 in JSC::LLInt::getByVal(JSC::ExecState*, JSC::JSValue, JSC::JSValue) () #3 0x00007f9b78d244e2 in llint_slow_path_get_by_val ()
Oliver Hunt
Comment 4 2014-10-06 10:34:20 PDT
Ok, this is a stupid mistake on my part. Fixing.
Oliver Hunt
Comment 5 2014-10-06 11:36:03 PDT
Created attachment 239342 [details] Patch
Michael Saboff
Comment 6 2014-10-06 12:28:28 PDT
Comment on attachment 239342 [details] Patch r=me
Oliver Hunt
Comment 7 2014-10-06 12:29:43 PDT
Committed r174359: <http://trac.webkit.org/changeset/174359>
Alexey Proskuryakov
Comment 8 2014-10-07 10:07:02 PDT
*** Bug 137452 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.