Bug 197885

Summary: REGRESSION (r245249): ASSERTION FAILED: !m_needExceptionCheck seen with stress/proxy-delete.js and stress/proxy-property-descriptor.js
Product: WebKit Reporter: Ryan Haddad <ryanhaddad>
Component: JavaScriptCoreAssignee: Tadeu Zagallo <tzagallo>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bot-watchers-bugzilla, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=197693
Attachments:
Description Flags
Patch none

Ryan Haddad
Reported 2019-05-14 09:47:08 PDT
ASSERTION FAILED: !m_needExceptionCheck seen with stress/proxy-delete.js and stress/proxy-property-descriptor.js on the JSC Debug bot stress/proxy-delete.js.default: ERROR: Unchecked JS exception: stress/proxy-delete.js.default: This scope can throw a JS exception: getOwnPropertyDescriptor @ ./runtime/JSObject.cpp:3444 stress/proxy-delete.js.default: (ExceptionScope::m_recursionDepth was 6) stress/proxy-delete.js.default: But the exception was unchecked as of this scope: performDelete @ ./runtime/ProxyObject.cpp:615 stress/proxy-delete.js.default: (ExceptionScope::m_recursionDepth was 5) stress/proxy-delete.js.default: stress/proxy-delete.js.default: Unchecked exception detected at: stress/proxy-delete.js.default: 1 0x1140c10b3 JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&) stress/proxy-delete.js.default: 2 0x114098e21 JSC::ThrowScope::throwException(JSC::ExecState*, JSC::JSObject*) stress/proxy-delete.js.default: 3 0x112e6ea15 JSC::throwException(JSC::ExecState*, JSC::ThrowScope&, JSC::JSObject*) stress/proxy-delete.js.default: 4 0x113e17557 JSC::throwTypeError(JSC::ExecState*, JSC::ThrowScope&, WTF::String const&) stress/proxy-delete.js.default: 5 0x113e176d0 JSC::throwTypeError(JSC::ExecState*, JSC::ThrowScope&, WTF::ASCIILiteral) stress/proxy-delete.js.default: 6 0x1137364ad JSC::throwVMTypeError(JSC::ExecState*, JSC::ThrowScope&, WTF::ASCIILiteral) stress/proxy-delete.js.default: 7 0x11400ad71 bool JSC::ProxyObject::performDelete<JSC::ProxyObject::deleteProperty(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName)::$_4>(JSC::ExecState*, JSC::PropertyName, JSC::ProxyObject::deleteProperty(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName)::$_4) stress/proxy-delete.js.default: 8 0x1140057c5 JSC::ProxyObject::deleteProperty(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName) stress/proxy-delete.js.default: 9 0x113b59523 operationDeleteById stress/proxy-delete.js.default: 10 0x113b59345 operationDeleteByIdJSResult stress/proxy-delete.js.default: 11 0x7491489f233 stress/proxy-delete.js.default: 12 0x112e3ce13 vmEntryToJavaScript stress/proxy-delete.js.default: 13 0x113abc00e JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) stress/proxy-delete.js.default: 14 0x113abb5a0 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) stress/proxy-delete.js.default: 15 0x113de7345 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) stress/proxy-delete.js.default: 16 0x10fc5e277 runWithOptions(GlobalObject*, CommandLine&, bool&) stress/proxy-delete.js.default: 17 0x10fc33daa jscmain(int, char**)::$_6::operator()(JSC::VM&, GlobalObject*, bool&) const stress/proxy-delete.js.default: 18 0x10fc13204 int runJSC<jscmain(int, char**)::$_6>(CommandLine const&, bool, jscmain(int, char**)::$_6 const&) stress/proxy-delete.js.default: 19 0x10fc11931 jscmain(int, char**) stress/proxy-delete.js.default: 20 0x10fc1179e main stress/proxy-delete.js.default: 21 0x7fff615ed015 start https://build.webkit.org/builders/Apple%20High%20Sierra%20Debug%20JSC%20%28Tests%29/builds/2788
Attachments
Patch (2.63 KB, patch)
2019-05-14 10:12 PDT, Tadeu Zagallo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2019-05-14 09:47:42 PDT
<rdar://problem/50770190>
Radar WebKit Bug Importer
Comment 2 2019-05-14 09:47:43 PDT
<rdar://problem/50770194>
Tadeu Zagallo
Comment 3 2019-05-14 10:12:42 PDT
Created attachment 369864 [details] Patch
Yusuke Suzuki
Comment 4 2019-05-14 14:10:15 PDT
Comment on attachment 369864 [details] Patch r=me
WebKit Commit Bot
Comment 5 2019-05-14 14:38:18 PDT
Comment on attachment 369864 [details] Patch Clearing flags on attachment: 369864 Committed r245311: <https://trac.webkit.org/changeset/245311>
WebKit Commit Bot
Comment 6 2019-05-14 14:38:19 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.