Bug 139246

Summary: REGRESSION (r176479): DFG ASSERTION beneath emitOSRExitCall running Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation and other tests
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 312.x   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch for landing - reviewed in person. none

Michael Saboff
Reported 2014-12-03 17:26:26 PST
run-javascriptcore-tests --debug internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: DFG ASSERTION FAILED: !(availability.isDead() && m_graph.isLiveInBytecode(VirtualRegister(operand), codeOrigin)) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: /Volumes/Big/ggaren/OpenSource/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp(6562) : void JSC::FTL::LowerDFGToLLVM::buildExitArguments(JSC::FTL::OSRExit &, ExitArgumentList &, JSC::FTL::FormattedValue, JSC::CodeOrigin) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 1 0x1034ae5b0 WTFCrashWithSecurityImplication internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 2 0x102dfd763 JSC::DFG::crash(JSC::DFG::Graph&, WTF::CString const&, char const*, int, char const*, char const*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 3 0x102dfd7db JSC::DFG::Graph::handleAssertionFailure(JSC::DFG::Node*, char const*, int, char const*, char const*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 4 0x102fd23c8 JSC::FTL::LowerDFGToLLVM::buildExitArguments(JSC::FTL::OSRExit&, WTF::Vector<LLVMOpaqueValue*, 16u, WTF::CrashOnOverflow>&, JSC::FTL::FormattedValue, JSC::CodeOrigin) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 5 0x102fd202b JSC::FTL::LowerDFGToLLVM::emitOSRExitCall(JSC::FTL::OSRExit&, JSC::FTL::FormattedValue) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 6 0x102fd1ab1 JSC::FTL::LowerDFGToLLVM::appendOSRExit(JSC::ExitKind, JSC::FTL::FormattedValue, JSC::DFG::Node*, LLVMOpaqueValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 7 0x102fd145c JSC::FTL::LowerDFGToLLVM::appendTypeCheck(JSC::FTL::FormattedValue, JSC::DFG::Edge, unsigned int, LLVMOpaqueValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 8 0x102fd12a3 JSC::FTL::LowerDFGToLLVM::typeCheck(JSC::FTL::FormattedValue, JSC::DFG::Edge, unsigned int, LLVMOpaqueValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 9 0x102fdbe47 JSC::FTL::LowerDFGToLLVM::lowInt32(JSC::DFG::Edge, JSC::DFG::OperandSpePASS: internal-js-tests.yaml/Kraken/json-stringify-tinderbox.js.ftl-no-cjit-osr-validation culationMode) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 10 0x102fe5a2a JSC::FTL::LowerDFGToLLVM::speculateInt32(JSC::DFG::Edge) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 11 0x102fe5320 JSC::FTL::LowerDFGToLLVM::speculate(JSC::DFG::Edge) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 12 0x102ff5599 JSC::FTL::LowerDFGToLLVM::speculate(JSC::DFG::Node*, JSC::DFG::Edge) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 13 0x102facdbd JSC::FTL::LowerDFGToLLVM::compilePhantom() internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 14 0x102faa0c0 JSC::FTL::LowerDFGToLLVM::compileNode(unsigned int) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 15 0x102fa9b11 JSC::FTL::LowerDFGToLLVM::compileBlock(JSC::DFG::BasicBlock*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 16 0x102fa7c68 JSC::FTL::LowerDFGToLLVM::lower() internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 17 0x102fa523e JSC::FTL::lowerDFGToLLVM(JSC::FTL::State&) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 18 0x102e88331 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 19 0x102e87466 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 20 0x102ddf146 JSC::DFG::compileImpl(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 21 0x102ddeb24 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 22 0x102e4efc4 triggerOSREntryNow internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 23 0x4bec0dc0922d internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 24 0x10327ca9b llint_entry internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 25 0x103276519 vmEntryToJavaScript internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 26 0x103102c1a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 27 0x1030e71f1 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 28 0x102c75c60 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 29 0x102af49d6 functionLoad(JSC::ExecState*) internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 30 0x4bec0dc01034 internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: 31 0x10327ca9b llint_entry internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: test_script_92: line 2: 99939 Segmentation fault: 11 "$@" ../../../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --enableFunctionDotArguments\=true --validateFTLOSRExitLiveness\=true --useFTLJIT\=true --enableConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 imaging-gaussian-blur.js internal-js-tests.yaml/Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation: ERROR: Unexpected exit code: 139 91/16931 (failed 1) .........................^Cmake: *** wait: Interrupted system call. Stop.
Attachments
Patch for landing - reviewed in person. (2.00 KB, patch)
2014-12-03 17:55 PST, Michael Saboff 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2014-12-03 17:55:26 PST
Created attachment 242544 [details] Patch for landing - reviewed in person.
Michael Saboff
Comment 2 2014-12-03 17:59:09 PST
Committed r176771: <http://trac.webkit.org/changeset/176771>
Note You need to log in before you can comment on or make changes to this bug.