Bug 178834

Summary: REGRESSION(r223691): Broke Speedometer 2 React-Redux-TodoMVC test case (Requested by rniwa on #webkit).
Product: WebKit Reporter: WebKit Commit Bot <commit-queue>
Component: New Bugs Assignee: Robin Morisset <rmorisset>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: rmorisset, rniwa, ryanhaddad, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=178820
Bug Depends on:    
Bug Blocks: 176601    
Attachments:
Description Flags
ROLLOUT of r223691 none

WebKit Commit Bot
Reported 2017-10-25 15:11:47 PDT
https://trac.webkit.org/changeset/223691 broke the build: Broke Speedometer 2 React-Redux-TodoMVC test case (Requested by rniwa on #webkit). This is an automatic bug report generated by webkitbot. If this bug report was created because of a flaky test, please file a bug for the flaky test (if we don't already have one on file) and dup this bug against that bug so that we can track how often these flaky tests fail.
Attachments
ROLLOUT of r223691 (21.92 KB, patch)
2017-10-25 15:11 PDT, WebKit Commit Bot
no flags
WebKit Commit Bot
Comment 1 2017-10-25 15:11:56 PDT
Created attachment 324905
ROLLOUT of r223691
Any committer can land this patch automatically by marking it commit-queue+. The commit-queue will build and test the patch before landing to ensure that the rollout will be successful. This process takes approximately 15 minutes.
If you would like to land the rollout faster, you can use the following command:
```
webkit-patch land-attachment ATTACHMENT_ID
```
where ATTACHMENT_ID is the ID of this attachment.
WebKit Commit Bot
Comment 2 2017-10-25 15:15:43 PDT
Comment on attachment 324905
ROLLOUT of r223691
Clearing flags on attachment: 324905
Committed r223989: <https://trac.webkit.org/changeset/223989>
WebKit Commit Bot
Comment 3 2017-10-25 15:15:45 PDT
All reviewed patches have been landed. Closing bug.
Ryosuke Niwa
Comment 4 2017-10-25 15:19:13 PDT
*** Bug 178820 has been marked as a duplicate of this bug. ***
Robin Morisset
Comment 5 2017-11-06 04:37:05 PST
With sbarati and fpizlo, we found the origin of this problem: the bug is actually in DFGByteCodeParser.cpp::flush(InlineStackEntry *) and was only made visible in Speedometer by my optimization. The bug is in the following two lines:
```
if (!inlineStackEntry->m_inlineCallFrame && m_graph.needsFlushedThis())
    flushDirect(virtualRegisterForArgument(0));
```
It causes 'this' not to be correctly preserved for OSR exit in some corner cases. It is fixed by adding the following just afterwards:
```
else
    phantomLocalDirect(virtualRegisterForArgument(0));
```
I will upload a fix on this bug as soon as I manage to write a minimized test case that triggers without my optimization.
Robin Morisset
Comment 6 2017-11-08 12:14:25 PST
I thought I would do this as a separate patch, but as I could not build a regression test that does not use https://bugs.webkit.org/show_bug.cgi?id=176601, I decided to merge the two bugs together.
*** This bug has been marked as a duplicate of bug 176601 ***