Bug 160881 - [Regression 204203-204210] 32-bit ASSERTION FAILED: !m_data[index].name.isValid()
Summary: [Regression 204203-204210] 32-bit ASSERTION FAILED: !m_data[index].name.isVal...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Benjamin Poulain
URL:
Keywords:
: 160662 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-08-15 17:01 PDT by Mark Lam
Modified: 2016-08-16 09:34 PDT (History)
9 users (show)

See Also:

Attachments
Patch (2.01 KB, patch)
2016-08-15 18:52 PDT, Benjamin Poulain 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Lam 2016-08-15 17:01:55 PDT 
The mozilla-tests.yaml/ecma/LexicalConventions/7.7.3.js.mozilla-dfg-eager-no-cjit-validate-phases test is failing on the 32-bit JSC test bot: https://build.webkit.org/builders/Apple%20El%20Capitan%2032-bit%20JSC%20%28BuildAndTest%29/builds/3166

ASSERTION FAILED: !m_data[index].name.isValid()
/Volumes/Data/slave/elcapitan-32bitJSC-debug/build/Source/JavaScriptCore/dfg/DFGRegisterBank.h(168) : void JSC::DFG::RegisterBank<JSC::GPRInfo>::retain(RegID, JSC::VirtualRegister, SpillHint) [BankInfo = JSC::GPRInfo]
1   0xe83c8d WTFCrash
2   0x6b147b JSC::DFG::RegisterBank<JSC::GPRInfo>::retain(JSC::X86Registers::RegisterID, JSC::VirtualRegister, unsigned int)
3   0x6b57f6 JSC::DFG::SpeculativeJIT::jsValueResult(JSC::X86Registers::RegisterID, JSC::X86Registers::RegisterID, JSC::DFG::Node*, JSC::DataFormat, JSC::DFG::SpeculativeJIT::UseChildrenMode)
4   0x7089e3 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*)
5   0x67f1dc JSC::DFG::SpeculativeJIT::compileCurrentBlock()
6   0x67fb82 JSC::DFG::SpeculativeJIT::compile()
7   0x5280ec JSC::DFG::JITCompiler::compileBody()
8   0x52bd5a JSC::DFG::JITCompiler::compileFunction()
9   0x6316bc JSC::DFG::Plan::compileInThreadImpl()
10  0x6301af JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*)
11  0x4a6d95 JSC::DFG::compileImpl(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue> const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>)
12  0x4a67b2 JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue> const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>)
13  0x960f45 operationOptimize
14  0x2b80456
15  0xb57c01 llint_entry
16  0xb525ac vmEntryToJavaScript
17  0x946bd2 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
18  0x8e4e5e JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*)
19  0x2c3818 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
20  0x686df runWithScripts(GlobalObject*, WTF::Vector<Script, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::String const&, bool, bool)
21  0x67856 runJSC(JSC::VM*, CommandLine)
22  0x66699 jscmain(int, char**)
23  0x66506 main
24  0x97baf6ad start
25  0x13
Comment 1 Mark Lam 2016-08-15 17:06:44 PDT 
Line for running the test:

$ jsc --useFTLJIT\=false --useFunctionDotArguments\=true --maxPerThreadStackUsage\=1572864 --validateBytecode\=true --validateGraphAtEachPhase\=true --useConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 --thresholdForJITAfterWarmUp\=10 --thresholdForJITSoon\=10 --thresholdForOptimizeAfterWarmUp\=20 --thresholdForOptimizeAfterLongWarmUp\=20 --thresholdForOptimizeSoon\=20 --thresholdForFTLOptimizeAfterWarmUp\=20 --thresholdForFTLOptimizeSoon\=20 --maximumEvalCacheableSourceLength\=150000 --useEagerCodeBlockJettisonTiming\=true ../shell.js 7.7.3.js
Comment 2 Benjamin Poulain 2016-08-15 18:52:29 PDT 
Created attachment 286133 [details]
Patch
Comment 3 Mark Lam 2016-08-15 19:25:33 PDT 
Comment on attachment 286133 [details]
Patch

r=me
Comment 4 WebKit Commit Bot 2016-08-15 21:19:11 PDT 
Comment on attachment 286133 [details]
Patch

Clearing flags on attachment: 286133

Committed r204495: <http://trac.webkit.org/changeset/204495>
Comment 5 WebKit Commit Bot 2016-08-15 21:19:15 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 6 Alexey Proskuryakov 2016-08-15 22:53:33 PDT 
*** Bug 160662 has been marked as a duplicate of this bug. ***
Comment 7 Alexey Proskuryakov 2016-08-16 09:34:15 PDT 
*** Bug 160662 has been marked as a duplicate of this bug. ***