Bug 149341

Summary: REGRESSION(r189889): It made Speedometer/Full.html performance test crash on Linux
Product: WebKit
Reporter: Csaba Osztrogonác <ossy>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Critical
CC: basile_clement, cdumez, cgarcia, clopez, fpizlo, ggaren, gyuyoung.kim, msaboff, ossy, rniwa, sbarati
Priority: P1    
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 149220    

Description Csaba Osztrogonác 2015-09-18 03:44:01 PDT
+++ This bug was initially created as a clone of Bug #149162 +++

http://trac.webkit.org/changeset/189774 made Speedometer/Full.html
test crash on the performance bots:
- Apple Yosemite: https://build.webkit.org/builders/Apple%20Yosemite%20Release%20WK2%20%28Perf%29/builds/2904
- Apple Mavericks: https://build.webkit.org/builders/Apple%20Mavericks%20Release%20WK2%20%28Perf%29/builds/5762
- EFL: https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/6860
- GTK: https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/4051


It was relanded in http://trac.webkit.org/changeset/189884 , but unfortunately
Speedometer/Full.html is still crashing on Linux performance bots:
- https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/4071
- https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/6877

crash log from the EFL bot:

Running Speedometer/Full.html (150 of 150)
error: Speedometer/Full.html
1   0x7f8ec5735488
2   0x7f8ec5913eb0
3   0x7f8ec53869ef JSC::SlotVisitor::drain()
4   0x7f8ec5371d8f JSC::Heap::markRoots(double, void*, void*, __jmp_buf_tag (&) [1])
5   0x7f8ec537c6b3 JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, __jmp_buf_tag (&) [1])
6   0x7f8ec537c948 JSC::Heap::collect(JSC::HeapOperation)
7   0x7f8ec5381e35 JSC::MarkedAllocator::allocateSlowCase(unsigned long)
8   0x7f8ec540cce0 JSC::Structure::prototypeChain(JSC::ExecState*) const
9   0x7f8ec540cee4 JSC::propertyNameEnumerator(JSC::ExecState*, JSC::JSObject*)
10  0x7f8e68081b4c

Comment 1 Csaba Osztrogonác 2015-09-18 04:42:56 PDT
It seems http://trac.webkit.org/changeset/189884 is innocent,
http://trac.webkit.org/changeset/189889 is the culprit. I 
tested it on EFL, it passes on r189888, but fails on r189889.

Comment 2 Csaba Osztrogonác 2015-09-24 03:26:22 PDT
This GC-related regression is still valid. Isn't anybody interested in fixing it?

Comment 3 Ryosuke Niwa 2018-01-17 19:11:50 PST
Is this still happening?