WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
156292
32-bit JSC stress/multi-put-by-offset-multiple-transitions.js failing
https://bugs.webkit.org/show_bug.cgi?id=156292
Summary
32-bit JSC stress/multi-put-by-offset-multiple-transitions.js failing
Ryan Haddad
Reported
2016-04-06 09:31:02 PDT
JSC stress/multi-put-by-offset-multiple-transitions.js failing <
https://build.webkit.org/builders/Apple%20El%20Capitan%2032-bit%20JSC%20%28BuildAndTest%29/builds/2006/steps/webkit-32bit-jsc-test/logs/stdio
> ** The following JSC stress test failures have been introduced: stress/multi-put-by-offset-multiple-transitions.js.always-trigger-copy-phase stress/multi-put-by-offset-multiple-transitions.js.default stress/multi-put-by-offset-multiple-transitions.js.default-ftl stress/multi-put-by-offset-multiple-transitions.js.dfg-eager stress/multi-put-by-offset-multiple-transitions.js.dfg-eager-no-cjit-validate stress/multi-put-by-offset-multiple-transitions.js.dfg-maximal-flush-validate-no-cjit stress/multi-put-by-offset-multiple-transitions.js.ftl-eager stress/multi-put-by-offset-multiple-transitions.js.ftl-eager-no-cjit stress/multi-put-by-offset-multiple-transitions.js.ftl-no-cjit-no-put-stack-validate stress/multi-put-by-offset-multiple-transitions.js.ftl-no-cjit-small-pool stress/multi-put-by-offset-multiple-transitions.js.ftl-no-cjit-validate-sampling-profiler stress/multi-put-by-offset-multiple-transitions.js.no-cjit-validate-phases stress/multi-put-by-offset-multiple-transitions.js.no-llint stress/multi-put-by-offset-multiple-transitions.js.default: ASSERTION FAILED: codeBlock->canGetCodeOrigin(index) stress/multi-put-by-offset-multiple-transitions.js.default: /Volumes/Data/slave/elcapitan-32bitJSC-debug/build/Source/JavaScriptCore/interpreter/StackVisitor.cpp(114) : void JSC::StackVisitor::readFrame(CallFrame *) stress/multi-put-by-offset-multiple-transitions.js.default: 1 0xe4707d WTFCrash stress/multi-put-by-offset-multiple-transitions.js.default: 2 0xd4f180 JSC::StackVisitor::readFrame(JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 3 0xd4effd JSC::StackVisitor::StackVisitor(JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 4 0xd4f364 JSC::StackVisitor::StackVisitor(JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 5 0xa7c014 void JSC::StackVisitor::visit<JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1>(JSC::ExecState*, JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*)::$_1 const&) stress/multi-put-by-offset-multiple-transitions.js.default: 6 0xa7bc83 JSC::ShadowChicken::update(JSC::VM&, JSC::ExecState*) stress/multi-put-by-offset-multiple-transitions.js.default: 7 0x7ef056 JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, int (&) [18]) stress/multi-put-by-offset-multiple-transitions.js.default: 8 0x7eee2e JSC::Heap::collect(JSC::HeapOperation) stress/multi-put-by-offset-multiple-transitions.js.default: 9 0x16de76 JSC::Heap::collectIfNecessaryOrDefer() stress/multi-put-by-offset-multiple-transitions.js.default: 10 0x16dd95 JSC::Heap::decrementDeferralDepthAndGCIfNeeded() stress/multi-put-by-offset-multiple-transitions.js.default: 11 0x16dd69 JSC::DeferGC::~DeferGC() stress/multi-put-by-offset-multiple-transitions.js.default: 12 0x16c267 JSC::DeferGC::~DeferGC() stress/multi-put-by-offset-multiple-transitions.js.default: 13 0x184fbe JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM&, unsigned int, JSC::Structure*) stress/multi-put-by-offset-multiple-transitions.js.default: 14 0x18491b JSC::JSObject::setStructureAndReallocateStorageIfNecessary(JSC::VM&, JSC::Structure*) stress/multi-put-by-offset-multiple-transitions.js.default: 15 0x93ea3e operationReallocateStorageAndFinishPut stress/multi-put-by-offset-multiple-transitions.js.default: 16 0x295d567 stress/multi-put-by-offset-multiple-transitions.js.default: 17 0x2960436 stress/multi-put-by-offset-multiple-transitions.js.default: 18 0xb2185c vmEntryToJavaScript stress/multi-put-by-offset-multiple-transitions.js.default: 19 0x928e82 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) stress/multi-put-by-offset-multiple-transitions.js.default: 20 0x8db0c9 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) stress/multi-put-by-offset-multiple-transitions.js.default: 21 0x2f8c48 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) stress/multi-put-by-offset-multiple-transitions.js.default: 22 0xc3cdc runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, bool, bool) stress/multi-put-by-offset-multiple-transitions.js.default: 23 0xc30ef runJSC(JSC::VM*, CommandLine) stress/multi-put-by-offset-multiple-transitions.js.default: 24 0xc246a jscmain(int, char**) stress/multi-put-by-offset-multiple-transitions.js.default: 25 0xc22f6 main stress/multi-put-by-offset-multiple-transitions.js.default: 26 0x9633d6ad start stress/multi-put-by-offset-multiple-transitions.js.default: test_script_15870: line 2: 43021 Segmentation fault: 11 ( "$@" ../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true multi-put-by-offset-multiple-transitions.js )
Attachments
the patch
(1.56 KB, patch)
2016-04-06 18:34 PDT
,
Filip Pizlo
benjamin
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Ryan Haddad
Comment 1
2016-04-06 09:32:39 PDT
The two JSC changes in the first failing run were <
https://trac.webkit.org/changeset/199073
> and <
https://trac.webkit.org/changeset/199075
>.
r199073
was rolled out in
r199084
for an unrelated reason, but the tests are still failing.
Ryan Haddad
Comment 2
2016-04-06 17:11:47 PDT
Filip, is this something you can look at soon or should we go ahead and roll out
r199075
?
Filip Pizlo
Comment 3
2016-04-06 18:15:43 PDT
This is going to be an easy fix. The code leading up to the call to operationReallocateStorageAndFinishPut doesn't stash the callsite index.
Filip Pizlo
Comment 4
2016-04-06 18:15:58 PDT
(I have a fix, testing locally.)
Filip Pizlo
Comment 5
2016-04-06 18:34:46 PDT
Created
attachment 275843
[details]
the patch
Filip Pizlo
Comment 6
2016-04-06 18:44:44 PDT
Landed in
http://trac.webkit.org/changeset/199132
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug