Bug 137404

Summary: REGRESSION(r174226): [JSC] Crash when running the perf test Speedometer/Full.html
Product: WebKit Reporter: Carlos Alberto Lopez Perez <clopez>
Component: JavaScriptCore Assignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, oliver, ossy, rniwa, SlaunchaMan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 136869    
Attachments:
  Description: GDB Backtrace for the GTK port when running the perf test Speedometer/Full.html (Flags: none)
  Description: Patch (Flags: msaboff: review+)

Description Carlos Alberto Lopez Perez 2014-10-03 14:16:42 PDT
The performance test Speedometer/Full.html has been crashing since r174226 <http://trac.webkit.org/r174226>.

I have double-checked this: locally reverting r174226 fixes the issue.

I'm attaching a backtrace from the GTK port that I obtained running the following command on r174267:

$ Tools/Scripts/run-perf-tests  --platform gtk --release -2 Speedometer/Full.html

The issue is not GTK-specific; it happens on all platforms:

 * https://build.webkit.org/builders/Apple%20MountainLion%20Release%20%28Perf%29/builds/10186
 * https://build.webkit.org/builders/Apple%20Mavericks%20Release%20%28Perf%29/builds/2725
 * https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/3378
 * https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/944
Comment 1 Carlos Alberto Lopez Perez 2014-10-03 14:17:36 PDT
Created attachment 239235
GDB Backtrace for the GTK port when running the perf test Speedometer/Full.html
Comment 2 Oliver Hunt 2014-10-03 14:28:26 PDT
investigating
Comment 3 Alexey Proskuryakov 2014-10-03 19:31:35 PDT
#0  0x00007f9b78a7c96d in JSC::ExecState::lexicalEnvironment() const ()
#1  0x00007f9b78b7f20c in JSC::Arguments::getOwnPropertySlotByIndex(JSC::JSObject*, JSC::ExecState*, unsigned int, JSC::PropertySlot&) ()
#2  0x00007f9b78d2c3b5 in JSC::LLInt::getByVal(JSC::ExecState*, JSC::JSValue, JSC::JSValue) ()
#3  0x00007f9b78d244e2 in llint_slow_path_get_by_val ()
Comment 4 Oliver Hunt 2014-10-06 10:34:20 PDT
Ok, this is a stupid mistake on my part. Fixing.
Comment 5 Oliver Hunt 2014-10-06 11:36:03 PDT
Created attachment 239342
Patch
Comment 6 Michael Saboff 2014-10-06 12:28:28 PDT
Comment on attachment 239342
Patch

r=me
Comment 7 Oliver Hunt 2014-10-06 12:29:43 PDT
Committed r174359: <http://trac.webkit.org/changeset/174359>
Comment 8 Alexey Proskuryakov 2014-10-07 10:07:02 PDT
*** Bug 137452 has been marked as a duplicate of this bug. ***