This test has started to flakily fail on multiple bots, presumably due to http://trac.webkit.org/changeset/181993 https://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=js%2Fregress%2Finline-arguments-local-escape.html
<rdar://problem/20310708>
This test is still flakily failing.
(In reply to comment #2) > This test is still flakily failing. OK, looking at it now.
Turns out to be a pretty bad bug. PreciseLocalClobberize's readTop() method is totally wrong for accesses to "escaped" arguments. There are a handful of ways to fix this and I'll investigate. Here's a version of the test that crashes every time: function foo() { return arguments; } function bar(a, b, c, i) { var a = foo(b, c, 42); return a[i]; } noInline(bar); var expected = [2, 3, 42]; for (var i = 0; i < 10000; ++i) { var result = bar(1, 2, 3, i % 3); if (result != expected[i % 3]) throw "Error: bad result: " + result; }
Same bug, involving ForwardVarargs: function foo() { return arguments; } function baz(a, b, c) { return a + b + c; } function bar(a, b, c) { var args = foo(b, c, 42); return baz.apply(void 0, args); } noInline(bar); for (var i = 0; i < 10000; ++i) { var result = bar(1, 2, 3); if (result != 47) throw "Error: bad result: " + result; }
Created attachment 249738 [details] hopefully the patch Not yet ready for review. I'm still running tests.
Comment on attachment 249738 [details] hopefully the patch Looks like it works!
Comment on attachment 249738 [details] hopefully the patch r=me
Comment on attachment 249738 [details] hopefully the patch Clearing flags on attachment: 249738 Committed r182148: <http://trac.webkit.org/changeset/182148>
All reviewed patches have been landed. Closing bug.