Bug 137404

Summary:

REGRESSION(r174226): [JSC] Crash when running the perf test Speedometer/Full.html

Product:

WebKit

Reporter:

Carlos Alberto Lopez Perez <clopez>

Component:

JavaScriptCore

Assignee:

Oliver Hunt <oliver>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

fpizlo, oliver, ossy, rniwa, SlaunchaMan

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

136869

Attachments:

Description	Flags
GDB Backtrace for the GTK port when running the perft test Speedometer/Full.html	none
Patch	msaboff: review+

Carlos Alberto Lopez Perez

Reported 2014-10-03 14:16:42 PDT

The performance test Speedometer/Full.html is crashing since r174226 <http://trac.webkit.org/r174226> I have double checked this: locally reverting r174226 fixes the issue. I'm attaching a backtrace from the GTK port that I obtained running the following command on r174267: $ Tools/Scripts/run-perf-tests --platform gtk --release -2 Speedometer/Full.html The issue is not GTK specific, it happens on all platforms: * https://build.webkit.org/builders/Apple%20MountainLion%20Release%20%28Perf%29/builds/10186 * https://build.webkit.org/builders/Apple%20Mavericks%20Release%20%28Perf%29/builds/2725 * https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/3378 * https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/944

Attachments
GDB Backtrace for the GTK port when running the perft test Speedometer/Full.html (17.77 KB, text/plain) 2014-10-03 14:17 PDT, Carlos Alberto Lopez Perez	no flags	Details
Patch (7.90 KB, patch) 2014-10-06 11:36 PDT, Oliver Hunt	msaboff: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Carlos Alberto Lopez Perez

Comment 1 2014-10-03 14:17:36 PDT

Created attachment 239235 [details] GDB Backtrace for the GTK port when running the perft test Speedometer/Full.html

Oliver Hunt

Comment 2 2014-10-03 14:28:26 PDT

investigating

Alexey Proskuryakov

Comment 3 2014-10-03 19:31:35 PDT

#0 0x00007f9b78a7c96d in JSC::ExecState::lexicalEnvironment() const () #1 0x00007f9b78b7f20c in JSC::Arguments::getOwnPropertySlotByIndex(JSC::JSObject*, JSC::ExecState*, unsigned int, JSC::PropertySlot&) () #2 0x00007f9b78d2c3b5 in JSC::LLInt::getByVal(JSC::ExecState*, JSC::JSValue, JSC::JSValue) () #3 0x00007f9b78d244e2 in llint_slow_path_get_by_val ()

Oliver Hunt

Comment 4 2014-10-06 10:34:20 PDT

Ok, this is a stupid mistake on my part. Fixing.

Oliver Hunt

Comment 5 2014-10-06 11:36:03 PDT

Created attachment 239342 [details] Patch

Michael Saboff

Comment 6 2014-10-06 12:28:28 PDT

Comment on attachment 239342 [details] Patch r=me

Oliver Hunt

Comment 7 2014-10-06 12:29:43 PDT

Committed r174359: <http://trac.webkit.org/changeset/174359>

Alexey Proskuryakov

Comment 8 2014-10-07 10:07:02 PDT

*** Bug 137452 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.