+++ This bug was initially created as a clone of Bug #149162 +++

http://trac.webkit.org/changeset/189774 made Speedometer/Full.html test crash on the performance bots:
- Apple Yosemite: https://build.webkit.org/builders/Apple%20Yosemite%20Release%20WK2%20%28Perf%29/builds/2904
- Apple Mavericks: https://build.webkit.org/builders/Apple%20Mavericks%20Release%20WK2%20%28Perf%29/builds/5762
- EFL: https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/6860
- GTK: https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/4051

-----

It was relanded in http://trac.webkit.org/changeset/189884 , but unfortunately Speedometer/Full.html is still crashing on Linux performance bots:
- https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/4071
- https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/6877

crash log from the EFL bot:

Running Speedometer/Full.html (150 of 150)
error: Speedometer/Full.html
1   0x7f8ec5735488
2   0x7f8ec5913eb0
3   0x7f8ec53869ef JSC::SlotVisitor::drain()
4   0x7f8ec5371d8f JSC::Heap::markRoots(double, void*, void*, __jmp_buf_tag (&) [1])
5   0x7f8ec537c6b3 JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, __jmp_buf_tag (&) [1])
6   0x7f8ec537c948 JSC::Heap::collect(JSC::HeapOperation)
7   0x7f8ec5381e35 JSC::MarkedAllocator::allocateSlowCase(unsigned long)
8   0x7f8ec540cce0 JSC::Structure::prototypeChain(JSC::ExecState*) const
9   0x7f8ec540cee4 JSC::propertyNameEnumerator(JSC::ExecState*, JSC::JSObject*)
10  0x7f8e68081b4c
FAILED
It seems http://trac.webkit.org/changeset/189884 is innocent, http://trac.webkit.org/changeset/189889 is the culprit. I tested it on EFL, it passes on r189888, but fails on r189889.
This GC-related regression is still valid. Isn't anybody interested in fixing it?
Is this still happening?