Bug 139865

Summary: js/promises-tests/promises-tests-2-3-3.html sometimes crashes under DFG::SpeculativeJIT::compile
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: JavaScriptCore Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, ggaren, mark.lam, msaboff, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch ap: review+

Description Alexey Proskuryakov 2014-12-22 09:26:37 PST
run-webkit-tests js/promises-tests/promises-tests-2-3-3.html -f --repeat 1000

Thread 13 Crashed:: DFG Worklist Worker Thread
0   com.apple.JavaScriptCore      	0x0000000103d62c8a WTFCrash + 42 (Assertions.cpp:321)
1   com.apple.JavaScriptCore      	0x00000001037acc31 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) + 79505 (DFGSpeculativeJIT64.cpp:4540)
2   com.apple.JavaScriptCore      	0x000000010374e17a JSC::DFG::SpeculativeJIT::compileCurrentBlock() + 1754 (DFGSpeculativeJIT.cpp:1463)
3   com.apple.JavaScriptCore      	0x000000010374e946 JSC::DFG::SpeculativeJIT::compile() + 182 (DFGSpeculativeJIT.cpp:1568)
4   com.apple.JavaScriptCore      	0x00000001036d72a7 JSC::DFG::JITCompiler::compileBody() + 55 (DFGJITCompiler.cpp:113)
5   com.apple.JavaScriptCore      	0x00000001036d9d73 JSC::DFG::JITCompiler::compileFunction() + 1187 (DFGJITCompiler.cpp:354)
6   com.apple.JavaScriptCore      	0x000000010373b040 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 3184 (DFGPlan.cpp:302)
7   com.apple.JavaScriptCore      	0x000000010373a041 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) + 417 (DFGPlan.cpp:164)
8   com.apple.JavaScriptCore      	0x00000001038049c9 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) + 745 (DFGWorklist.cpp:358)
9   com.apple.JavaScriptCore      	0x0000000103802ef4 JSC::DFG::Worklist::threadFunction(void*) + 36 (DFGWorklist.cpp:401)
10  com.apple.JavaScriptCore      	0x0000000103db8ed9 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const + 25 (Threading.cpp:82)

rdar://problem/19326058
Comment 1 Alexey Proskuryakov 2014-12-22 09:39:26 PST
Skipped the test in r177633.
Comment 2 Alexey Proskuryakov 2014-12-22 10:41:08 PST
This test used to have a Slow expectation, which will need to be reinstated once the crash is fixed.
Comment 3 Michael Saboff 2015-03-26 09:54:30 PDT
Created attachment 249493
Patch
Comment 4 Michael Saboff 2015-03-26 10:05:19 PDT
Committed r182013: <http://trac.webkit.org/changeset/182013>