Bug 156340
| Summary: | REGRESSION: Speedometer/Full.htm started to crash | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Csaba Osztrogonác <ossy> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | benjamin, fpizlo, keith_miller, ossy, saam |
| Priority: | P2 | | |
| Version: | Other | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Csaba Osztrogonác
Speedometer/Full.htm started to crash between r199126 and r199135:
- https://build.webkit.org/builders/Apple%20El%20Capitan%20Release%20WK2%20%28Perf%29/builds/1650
- https://build.webkit.org/builders/Apple%20Yosemite%20Release%20WK2%20%28Perf%29/builds/4674
- https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/8315
Only the EFL bot provides a crash log:
Running Speedometer/Full.html (151 of 151)
error: Speedometer/Full.html
1 0x7f1c3b2ace58
2 0x7f1c38e3c2f0
3 0x7f1c33f81780 JSC::JSArray::tryCreateUninitialized(JSC::VM&, JSC::Structure*, unsigned int)
4 0x7f1c34073713 JSC::arrayProtoPrivateFuncConcatMemcpy(JSC::ExecState*)
5 0x7f1be39ff0c8
It seems it is a bug in JSC somewhere.
JSC changes in this interval:
- https://trac.webkit.org/changeset/199128
- https://trac.webkit.org/changeset/199129
- https://trac.webkit.org/changeset/199132
Csaba Osztrogonác
Let's bisect it on the perf bots:
- r199128: https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/8320
- r199129: https://build.webkit.org/builders/Apple%20El%20Capitan%20Release%20WK2%20%28Perf%29/builds/1655
We will see the results in ~2 hours.
Keith Miller
This is definitely my patch. https://trac.webkit.org/changeset/199128
Csaba Osztrogonác
It works after relanding the original change with fixes.