Bug 139246

Summary: REGRESSION (r176479): DFG ASSERTION beneath emitOSRExitCall running Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation and other tests
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 312.x   
Hardware: All   
OS: All   
Attachments:
Description: Patch for landing - reviewed in person.
Flags: none

Description Michael Saboff 2014-12-03 17:26:26 PST
run-javascriptcore-tests --debug

internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: DFG ASSERTION FAILED: !(availability.isDead() && m_graph.isLiveInBytecode(VirtualRegister(operand), codeOrigin))
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: /Volumes/Big/ggaren/OpenSource/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp(6562) : void JSC::FTL::LowerDFGToLLVM::buildExitArguments(JSC::FTL::OSRExit &, ExitArgumentList &, JSC::FTL::FormattedValue, JSC::CodeOrigin)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 1   0x1034ae5b0 WTFCrashWithSecurityImplication
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 2   0x102dfd763 JSC::DFG::crash(JSC::DFG::Graph&, WTF::CString const&, char const*, int, char const*, char const*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 3   0x102dfd7db JSC::DFG::Graph::handleAssertionFailure(JSC::DFG::Node*, char const*, int, char const*, char const*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 4   0x102fd23c8 JSC::FTL::LowerDFGToLLVM::buildExitArguments(JSC::FTL::OSRExit&, WTF::Vector<LLVMOpaqueValue*, 16u, WTF::CrashOnOverflow>&, JSC::FTL::FormattedValue, JSC::CodeOrigin)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 5   0x102fd202b JSC::FTL::LowerDFGToLLVM::emitOSRExitCall(JSC::FTL::OSRExit&, JSC::FTL::FormattedValue)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 6   0x102fd1ab1 JSC::FTL::LowerDFGToLLVM::appendOSRExit(JSC::ExitKind, JSC::FTL::FormattedValue, JSC::DFG::Node*, LLVMOpaqueValue*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 7   0x102fd145c JSC::FTL::LowerDFGToLLVM::appendTypeCheck(JSC::FTL::FormattedValue, JSC::DFG::Edge, unsigned int, LLVMOpaqueValue*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 8   0x102fd12a3 JSC::FTL::LowerDFGToLLVM::typeCheck(JSC::FTL::FormattedValue, JSC::DFG::Edge, unsigned int, LLVMOpaqueValue*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 9   0x102fdbe47 JSC::FTL::LowerDFGToLLVM::lowInt32(JSC::DFG::Edge, JSC::DFG::OperandSpePASS: internal-js-tests.yaml/Kraken/json-stringify-tinderbox.js.ftl-no-cjit-osr-validation
culationMode)                         
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 10  0x102fe5a2a JSC::FTL::LowerDFGToLLVM::speculateInt32(JSC::DFG::Edge)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 11  0x102fe5320 JSC::FTL::LowerDFGToLLVM::speculate(JSC::DFG::Edge)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 12  0x102ff5599 JSC::FTL::LowerDFGToLLVM::speculate(JSC::DFG::Node*, JSC::DFG::Edge)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 13  0x102facdbd JSC::FTL::LowerDFGToLLVM::compilePhantom()
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 14  0x102faa0c0 JSC::FTL::LowerDFGToLLVM::compileNode(unsigned int)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 15  0x102fa9b11 JSC::FTL::LowerDFGToLLVM::compileBlock(JSC::DFG::BasicBlock*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 16  0x102fa7c68 JSC::FTL::LowerDFGToLLVM::lower()
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 17  0x102fa523e JSC::FTL::lowerDFGToLLVM(JSC::FTL::State&)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 18  0x102e88331 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 19  0x102e87466 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 20  0x102ddf146 JSC::DFG::compileImpl(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 21  0x102ddeb24 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 22  0x102e4efc4 triggerOSREntryNow
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 23  0x4bec0dc0922d
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 24  0x10327ca9b llint_entry
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 25  0x103276519 vmEntryToJavaScript
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 26  0x103102c1a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 27  0x1030e71f1 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 28  0x102c75c60 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 29  0x102af49d6 functionLoad(JSC::ExecState*)
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 30  0x4bec0dc01034
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 31  0x10327ca9b llint_entry
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: test_script_92: line 2: 99939 Segmentation fault: 11  "$@" ../../../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --enableFunctionDotArguments\=true --validateFTLOSRExitLiveness\=true --useFTLJIT\=true --enableConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 imaging-gaussian-blur.js
internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: ERROR: Unexpected exit code: 139
   91/16931 (failed 1) .........................^Cmake: *** wait: Interrupted system call.  Stop.

Comment 1 Michael Saboff 2014-12-03 17:55:26 PST
Created attachment 242544
Patch for landing - reviewed in person.

Comment 2 Michael Saboff 2014-12-03 17:59:09 PST
Committed r176771: <http://trac.webkit.org/changeset/176771>