156309 – JSC test stress/arrowfunction-lexical-bind-superproperty.js failing

Bug 156309 - JSC test stress/arrowfunction-lexical-bind-superproperty.js failing

Summary: JSC test stress/arrowfunction-lexical-bind-superproperty.js failing

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:	InRadar

Depends on:
Blocks:	156998
	Show dependency tree / graph

Reported:	2016-04-06 13:50 PDT by Ryan Haddad
Modified:	2016-05-02 20:37 PDT (History)
CC List:	6 users (show)

See Also:	155598

Attachments
Crash log (43.11 KB, application/octet-stream) 2016-04-06 13:51 PDT, Keith Miller	no flags	Details
the patch (2.38 KB, patch) 2016-04-06 16:41 PDT, Filip Pizlo	saam: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryan Haddad 2016-04-06 13:50:22 PDT

JSC test stress/arrowfunction-lexical-bind-superproperty.js failing

stress/arrowfunction-lexical-bind-superproperty.js.dfg-maximal-flush-validate-no-cjit
stress/arrowfunction-lexical-bind-superproperty.js.ftl-no-cjit-no-put-stack-validate
stress/arrowfunction-lexical-bind-superproperty.js.ftl-no-cjit-validate-sampling-profiler
stress/arrowfunction-lexical-bind-superproperty.js.no-cjit-validate-phases

<https://build.webkit.org/builders/Apple%20El%20Capitan%20Release%20JSC%20%28Tests%29/builds/4829/steps/jscore-test/logs/stdio>

Comment 1 Keith Miller 2016-04-06 13:51:39 PDT

Created attachment 275815 [details]
Crash log

Comment 2 Ryan Haddad 2016-04-06 13:52:32 PDT

May be related to <https://trac.webkit.org/changeset/199076>

Comment 3 Filip Pizlo 2016-04-06 14:12:04 PDT

Interesting.  I will fix.

Comment 4 Filip Pizlo 2016-04-06 14:37:34 PDT

I have an elagant fix to this bug, but I don't know yet if it's perf-neutral.

Comment 5 Filip Pizlo 2016-04-06 14:38:04 PDT

Oh, and the bug that this is revealing is a preexisting condition: our stack scanner assumes that callee/argumentCount are also valid while the compiler thinks otherwise.

Comment 6 Filip Pizlo 2016-04-06 16:41:59 PDT

Created attachment 275830 [details]
the patch

Comment 7 Filip Pizlo 2016-04-06 18:12:15 PDT

Landed in http://trac.webkit.org/changeset/199129

Comment 8 David Kilzer (:ddkilzer) 2016-04-22 12:59:30 PDT

<rdar://problem/24894592>