Bug 160124

Summary: [JSC] Adjust SP first before performing vararg setup, fix test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: annulen, bugs-noreply, cgarcia, clopez, fpizlo, ggaren, jfbastien, keith_miller, mark.lam, mcatanzaro, msaboff, saam, ysuzuki
Priority: P2    
Version: Other   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Patch
none
Patch
mark.lam: review+
Patch for landing none

Michael Catanzaro
Reported 2016-07-23 13:54:14 PDT
Layout test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler is crashing on the GTK release bot: 4235/36510 ........... 4235/36510 ........... 4235/36510 ............ stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler: Segmentation fault (core dumped) 4235/36510 ............ stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler: ERROR: Unexpected exit code: 139 4235/36510 ............ Further investigation required to get a stack trace.
Attachments
Patch (2.54 KB, patch)
2017-03-07 08:25 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (15.14 KB, patch)
2017-03-08 05:06 PST, Yusuke Suzuki 		mark.lam: review+
DetailsFormatted DiffDiff
Patch for landing (15.27 KB, patch)
2017-03-08 22:29 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2017-02-23 17:36:04 PST
So, unless we have some mechanism I'm unaware of to skip JSC tests, I think we should remove this one until it can be fixed. Note: the output is a bit different now: stress/spread-forward-call-varargs-stack-overflow.js.ftl-no-cjit-validate-sampling-profiler: Exception: Error: Bad assertion 6257/40795 ............ stress/spread-forward-call-varargs-stack-overflow.js.ftl-no-cjit-validate-sampling-profiler: assert@spread-forward-call-varargs-stack-overflow.js:3:24 6257/40795 ............ stress/spread-forward-call-varargs-stack-overflow.js.ftl-no-cjit-validate-sampling-profiler: global code@spread-forward-call-varargs-stack-overflow.js:40:15 6257/40795 ............ stress/spread-forward-call-varargs-stack-overflow.js.ftl-no-cjit-validate-sampling-profiler: ERROR: Unexpected exit code: 3
Carlos Garcia Campos
Comment 2 2017-02-23 22:44:54 PST
I doesn't always crash, though. It happens quite often, but sometimes it passes.
Carlos Alberto Lopez Perez
Comment 3 2017-03-06 11:08:06 PST
The title and comment 1 on this bug talk about stress/arity-check-ftl-throw.js Comment 2 talks about stress/spread-forward-call-varargs-stack-overflow.js I don't see stress/arity-check-ftl-throw.js failing often lately. But stress/spread-forward-call-varargs-stack-overflow.js fails a lot. I skipped it on bug 169206 So.. lets keep this bug for tracking stress/arity-check-ftl-throw.js and eventually skip it, if we detect it fails too often
Yusuke Suzuki
Comment 4 2017-03-07 08:25:23 PST
Created attachment 303656 [details] Patch WIP: Investigating...
Yusuke Suzuki
Comment 5 2017-03-07 08:33:03 PST
I think I found the issue and this patch solves it. But it is super ad-hoc & nasty patch. I'll read the code more and upload the solid patch later. Good news: at least, this uploaded patch makes GTK JSC 64bit test 0 failures!
Carlos Garcia Campos
Comment 6 2017-03-07 08:36:18 PST
(In reply to comment #5) > I think I found the issue and this patch solves it. > But it is super ad-hoc & nasty patch. > I'll read the code more and upload the solid patch later. > > Good news: at least, this uploaded patch makes GTK JSC 64bit test 0 failures! Thank you very much Yusuke!
Yusuke Suzuki
Comment 7 2017-03-08 05:06:19 PST
Created attachment 303808 [details] Patch
Mark Lam
Comment 8 2017-03-08 10:31:45 PST
Comment on attachment 303808 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=303808&action=review r=me > Source/JavaScriptCore/ChangeLog:11 > + If we do not that, OS can break the values that is stored beyond the stack /If we do not that, OS/If we don't do that, the OS/
Yusuke Suzuki
Comment 9 2017-03-08 22:27:13 PST
Comment on attachment 303808 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=303808&action=review Thanks! >> Source/JavaScriptCore/ChangeLog:11 >> + If we do not that, OS can break the values that is stored beyond the stack > > /If we do not that, OS/If we don't do that, the OS/ Fixed.
Yusuke Suzuki
Comment 10 2017-03-08 22:29:36 PST
Created attachment 303897 [details] Patch for landing
Yusuke Suzuki
Comment 11 2017-03-08 22:32:03 PST
Committed r213631: <http://trac.webkit.org/changeset/213631>
Yusuke Suzuki
Comment 12 2017-03-08 22:33:22 PST
(In reply to comment #11) > Committed r213631: <http://trac.webkit.org/changeset/213631> Oops, when using Tools/Scripts/webkit-patch apply-from-bug ID, the old patch is applied...
Note You need to log in before you can comment on or make changes to this bug.