Bug 180375

Summary: Proxy all functions, except the $ objects
Product: WebKit
Reporter: JF Bastien <jfbastien>
Component: JavaScriptCore
Assignee: JF Bastien <jfbastien>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, fpizlo, jfbastien, keith_miller, mark.lam, mcatanzaro, msaboff, rmorisset, saam, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 180306    
Bug Blocks:    
Attachments:
Description Flags
patch none

JF Bastien
Reported 2017-12-04 13:22:24 PST
It looks like https://bugs.webkit.org/show_bug.cgi?id=180306 may have broken some executions because (I'm guessing here) I call some internal objects. Explicitly ignore objects whose name starts with "$" because it's a bad idea anyways.
Attachments
patch (2.31 KB, patch)
2017-12-04 13:24 PST, JF Bastien
no flags
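The summary and description above describe wrapping every global function in a Proxy while leaving the "$"-prefixed harness objects alone. The following is an added example in JavaScript, written for this page and not taken from the WebKit patch (which is not reproduced here); the `$gc`, `$vm` and `$262` names in its constructed stand-in global are assumptions used only for illustration.

```javascript
// Added example (not the WebKit patch): wrap every function-valued own
// property of an object in a forwarding Proxy, skipping "$"-prefixed names.
// The jsc shell helper names used in the constructed stand-in global below
// ($gc, $vm, $262) are assumptions for illustration only.

const alreadyWrapped = new WeakSet(); // proxies we installed; never wrap twice

function proxyAllFunctions(root, options = {}) {
  const { skip = (name) => name.startsWith("$"), log = [] } = options;
  const wrapped = [];

  for (const name of Object.getOwnPropertyNames(root)) {
    if (skip(name)) continue; // leave harness-internal "$" objects untouched

    const desc = Object.getOwnPropertyDescriptor(root, name);
    // Only writable data properties holding a function are replaced. Accessors
    // and read-only slots are skipped so that installation itself cannot throw.
    if (!desc || !("value" in desc) || !desc.writable) continue;
    const target = desc.value;
    if (typeof target !== "function" || alreadyWrapped.has(target)) continue;

    const proxy = new Proxy(target, {
      apply(fn, thisArg, args) {
        log.push({ name, kind: "apply", argc: args.length });
        return Reflect.apply(fn, thisArg, args);
      },
      construct(fn, args, newTarget) {
        log.push({ name, kind: "construct", argc: args.length });
        return Reflect.construct(fn, args, newTarget);
      },
    });

    Object.defineProperty(root, name, { ...desc, value: proxy });
    alreadyWrapped.add(proxy);
    wrapped.push(name);
  }
  return { wrapped, log };
}

// Constructed stand-in for a jsc global object; the "$" names are assumed.
function makeFakeGlobal() {
  return {
    toNumber(s) { return Number(s); },
    Point: function Point(x, y) { this.x = x; this.y = y; },
    $gc() { return "internal helper, must not be proxied"; },
    $vm: { crash() { throw new Error("never called here"); } },
    $262: { agent: {} },
    answer: 42,
  };
}

function demo() {
  const g = makeFakeGlobal();
  const first = proxyAllFunctions(g);
  const sum = g.toNumber("40") + g.answer - 40;  // 42, goes through the apply trap
  const p = new g.Point(1, 2);                   // goes through the construct trap
  const dollarUntouched =
    g.$gc() === "internal helper, must not be proxied" && !alreadyWrapped.has(g.$gc);
  const second = proxyAllFunctions(g);           // idempotent: nothing left to wrap
  return {
    wrapped: first.wrapped,
    log: first.log,
    sum,
    px: p.x,
    dollarUntouched,
    secondWrapped: second.wrapped,
  };
}
```

Skipping by name at installation time, rather than checking inside the traps, means the "$" objects are never touched at all, and the WeakSet keeps a second run of the wrapper from proxying an already-installed proxy.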
Michael Catanzaro
Comment 1 2017-12-04 13:23:46 PST
OK, I can reproduce the crashes locally:

#0 0x000000000067c7b6 in JSC::CodeBlock::unlinkIncomingCalls() ()
#1 0x0000000000ce044d in JSC::ScriptExecutable::installCode(JSC::VM&, JSC::CodeBlock*, JSC::CodeType, JSC::CodeSpecializationKind) ()
#2 0x0000000000a1d4cc in JSC::JITWorklist::Plan::compileNow(JSC::CodeBlock*, unsigned int) ()
#3 0x0000000000a1a66a in JSC::JITWorklist::compileLater(JSC::CodeBlock*, unsigned int) ()
#4 0x0000000000a45923 in JSC::LLInt::jitCompileAndSetHeuristics(JSC::CodeBlock*, JSC::ExecState*, unsigned int) ()
#5 0x0000000000a44073 in llint_loop_osr ()
#6 0x0000000000a32964 in llint_entry ()
#7 0x0000000000a32c90 in llint_entry ()
#8 0x0000000000a2bb08 in vmEntryToJavaScript ()
#9 0x00000000009d4952 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) ()
#10 0x00000000009ae252 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) ()
#11 0x0000000000b5b94d in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) ()
#12 0x0000000000666419 in jscmain(int, char**) ()
#13 0x000000000065c1ea in main ()

No data members because I was silly and did a release build specifically for this, thinking to avoid all the extra failures from asserts that are occurring in debug builds (we need to get a handle on those). I can redo it with a debug build if filtering out the $ objects doesn't work and you need a better backtrace.
JF Bastien
Comment 2 2017-12-04 13:24:43 PST
JF Bastien
Comment 3 2017-12-04 13:26:29 PST
(In reply to Michael Catanzaro from comment #1)
> OK, I can reproduce the crashes locally:

Does it still repro with my change?
WebKit Commit Bot
Comment 4 2017-12-04 14:06:54 PST
Comment on attachment 328381: patch
Clearing flags on attachment: 328381
Committed r225493: <https://trac.webkit.org/changeset/225493>
WebKit Commit Bot
Comment 5 2017-12-04 14:06:55 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 6 2017-12-04 14:07:17 PST
Michael Catanzaro
Comment 7 2017-12-04 15:16:43 PST
(In reply to JF Bastien from comment #3)
> (In reply to Michael Catanzaro from comment #1)
> > OK, I can reproduce the crashes locally:
>
> Does it still repro with my change?

No, the bots are happy again. Thanks!