Bug 187057
| Summary: | JSC: ASSERTION FAILED: !getDirect(offset) || !JSValue::encode(getDirect(offset)) | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Truitt Savell <tsavell> |
| Component: | Tools / Tests | Assignee: | Mark Lam <mark.lam> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ap, cturner, lforschler, mark.lam, realdawei, ryanhaddad |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Truitt Savell
I am seeing around 100 JSC assertion failures after a new assertion was added.
Log:
https://build.webkit.org/builders/Apple%20High%20Sierra%20Debug%20JSC%20%28Tests%29/builds/1180/steps/jscore-test/logs/stdio
Example of Error:
stress/dfg-put-getter-by-val-class.js.default: ASSERTION FAILED: !getDirect(offset) || !JSValue::encode(getDirect(offset))
stress/dfg-put-getter-by-val-class.js.default: /Volumes/Data/slave/highsierra-debug/build/Source/JavaScriptCore/runtime/JSObjectInlines.h(335) : bool JSC::JSObject::putDirectInternal(JSC::VM &, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot &)
1 0x10ed66a69 WTFCrash
2 0x10eea5766 bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)1>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&)
3 0x10eea4580 JSC::JSObject::putDirect(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int)
4 0x110008bf2 JSC::JSFunction::reifyName(JSC::VM&, JSC::ExecState*, WTF::String)
5 0x1100088b9 JSC::JSFunction::setFunctionName(JSC::ExecState*, JSC::JSValue)
6 0x10fd17395 operationSetFunctionName
7 0x547d9a5f728
8 0x10ee58ddc llint_entry
9 0x10ee50842 vmEntryToJavaScript
10 0x10fcacfaa JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
11 0x10fcac551 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
12 0x10ff63947 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
13 0x10ec9fd00 runWithOptions(GlobalObject*, CommandLine&, bool&)
14 0x10ec7748c jscmain(int, char**)::$_3::operator()(JSC::VM&, GlobalObject*, bool&) const
15 0x10ec5ecb4 int runJSC<jscmain(int, char**)::$_3>(CommandLine, bool, jscmain(int, char**)::$_3 const&)
16 0x10ec5d79f jscmain(int, char**)
17 0x10ec5d6fe main
18 0x7fff6e830015 start
stress/dfg-put-getter-by-val-class.js.default: test_script_7860: line 2: 10510 Segmentation fault: 11 ( "$@" ../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --useFTLJIT\=true dfg-put-getter-by-val-class.js )
stress/dfg-put-getter-by-val-class.js.default: ERROR: Unexpected exit code: 139
FAIL: stress/dfg-put-getter-by-val-class.js.default
Charlie Turner
I see the same assert message whenever YouTube loads on GTK in my debug build. It happens in many other places as well, but YT is consistently asserting,
ASSERTION FAILED: !getDirect(offset) || !JSValue::encode(getDirect(offset))
DerivedSources/ForwardingHeaders/JavaScriptCore/JSObjectInlines.h(335) : bool JSC::JSObject::putDirectInternal(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&) [with JSC::JSObject::PutMode <anonymous> = (JSC::JSObject::PutMode)1]
1 0x7f8c578048ab /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7f8c578048ab]
2 0x7f8c651c0aff /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)1>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&)+0x6f1) [0x7f8c651c0aff]
3 0x7f8c651ba6dc /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(JSC::JSObject::putDirect(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int)+0x10e) [0x7f8c651ba6dc]
4 0x7f8c57472f27 /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::JSFunction::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)+0x2a1) [0x7f8c57472f27]
5 0x7f8c574736cc /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::JSFunction::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)+0x28c) [0x7f8c574736cc]
6 0x7f8c56be18ce /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::JSCell::putInline(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)+0x9e) [0x7f8c56be18ce]
7 0x7f8c56be4b77 /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(JSC::JSValue::putInline(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)+0x83) [0x7f8c56be4b77]
8 0x7f8c571e53a2 /home/charlie/WebKit/WebKitWPE/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x282f3a2) [0x7f8c571e53a2]
9 0x7f8c057497d0 [0x7f8c057497d0]
Mark Lam
https://bugs.webkit.org/show_bug.cgi?id=187091 should have fixed this. Without 187091's patch, I saw many failures running the JSC tests locally with a debug build. With 187091's patch, I get 0 failures.
Resolving this as a dupe.
*** This bug has been marked as a duplicate of bug 187091 ***