RESOLVED FIXED 160881
[Regression 204203-204210] 32-bit ASSERTION FAILED: !m_data[index].name.isValid() 
https://bugs.webkit.org/show_bug.cgi?id=160881
Summary [Regression 204203-204210] 32-bit ASSERTION FAILED: !m_data[index].name.isVal...
Mark Lam
Reported 2016-08-15 17:01:55 PDT
The mozilla-tests.yaml/ecma/LexicalConventions/7.7.3.js.mozilla-dfg-eager-no-cjit-validate-phases test is failing on the 32-bit JSC test bot: https://build.webkit.org/builders/Apple%20El%20Capitan%2032-bit%20JSC%20%28BuildAndTest%29/builds/3166 ASSERTION FAILED: !m_data[index].name.isValid() /Volumes/Data/slave/elcapitan-32bitJSC-debug/build/Source/JavaScriptCore/dfg/DFGRegisterBank.h(168) : void JSC::DFG::RegisterBank<JSC::GPRInfo>::retain(RegID, JSC::VirtualRegister, SpillHint) [BankInfo = JSC::GPRInfo] 1 0xe83c8d WTFCrash 2 0x6b147b JSC::DFG::RegisterBank<JSC::GPRInfo>::retain(JSC::X86Registers::RegisterID, JSC::VirtualRegister, unsigned int) 3 0x6b57f6 JSC::DFG::SpeculativeJIT::jsValueResult(JSC::X86Registers::RegisterID, JSC::X86Registers::RegisterID, JSC::DFG::Node*, JSC::DataFormat, JSC::DFG::SpeculativeJIT::UseChildrenMode) 4 0x7089e3 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) 5 0x67f1dc JSC::DFG::SpeculativeJIT::compileCurrentBlock() 6 0x67fb82 JSC::DFG::SpeculativeJIT::compile() 7 0x5280ec JSC::DFG::JITCompiler::compileBody() 8 0x52bd5a JSC::DFG::JITCompiler::compileFunction() 9 0x6316bc JSC::DFG::Plan::compileInThreadImpl() 10 0x6301af JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*) 11 0x4a6d95 JSC::DFG::compileImpl(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue> const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) 12 0x4a67b2 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue> const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>) 13 0x960f45 operationOptimize 14 0x2b80456 15 0xb57c01 llint_entry 16 0xb525ac vmEntryToJavaScript 17 0x946bd2 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 18 0x8e4e5e JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) 19 0x2c3818 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) 20 0x686df runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::String const&, bool, bool) 21 0x67856 runJSC(JSC::VM*, CommandLine) 22 0x66699 jscmain(int, char**) 23 0x66506 main 24 0x97baf6ad start 25 0x13
Attachments
Patch (2.01 KB, patch)
2016-08-15 18:52 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2016-08-15 17:06:44 PDT
Line for running the test: $ jsc --useFTLJIT\=false --useFunctionDotArguments\=true --maxPerThreadStackUsage\=1572864 --validateBytecode\=true --validateGraphAtEachPhase\=true --useConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 --thresholdForJITAfterWarmUp\=10 --thresholdForJITSoon\=10 --thresholdForOptimizeAfterWarmUp\=20 --thresholdForOptimizeAfterLongWarmUp\=20 --thresholdForOptimizeSoon\=20 --thresholdForFTLOptimizeAfterWarmUp\=20 --thresholdForFTLOptimizeSoon\=20 --maximumEvalCacheableSourceLength\=150000 --useEagerCodeBlockJettisonTiming\=true ../shell.js 7.7.3.js
Benjamin Poulain
Comment 2 2016-08-15 18:52:29 PDT
Created attachment 286133 [details] Patch
Mark Lam
Comment 3 2016-08-15 19:25:33 PDT
Comment on attachment 286133 [details] Patch r=me
WebKit Commit Bot
Comment 4 2016-08-15 21:19:11 PDT
Comment on attachment 286133 [details] Patch Clearing flags on attachment: 286133 Committed r204495: <http://trac.webkit.org/changeset/204495>
WebKit Commit Bot
Comment 5 2016-08-15 21:19:15 PDT
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 6 2016-08-15 22:53:33 PDT
*** Bug 160662 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 7 2016-08-16 09:34:15 PDT
*** Bug 160662 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.