last known good revision: r206549
first known bad revision: r206555
- https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/10046
- https://build.webkit.org/builders/Apple%20Yosemite%20Release%20WK2%20%28Perf%29/builds/6207
- https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Perf%29/builds/6740
forced perf test on r206552 to bisect this bug: https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/10051
I think one of the following changes caused this regression:
- The write barrier should be down with TSO https://bugs.webkit.org/show_bug.cgi?id=162316 https://trac.webkit.org/changeset/206555
- Fix race condition in StringView's UnderlyingString lifecycle management. https://bugs.webkit.org/show_bug.cgi?id=162702 https://trac.webkit.org/changeset/206552
(In reply to comment #1)
> forced perf test on r206552 to bisect this bug:
> https://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK2%20%28Perf%29/builds/10051
r206552 is good, r206553 and r206554 are unrelated changes, so r206555 is the culprit.
I will look!
Created attachment 290206 [details] Crashlog
Crashlog from El Capitan perf bot.
I can repro in minibrowser.
Looks like this is a case of a missing barrier, since the crash does not happen with gengc disabled.
It looks as though the crash happens with the DFG JIT disabled.
This seems to require the baseline JIT.
I have a theory about what it is. I'm testing it now.
Nope, still crashes. I thought it was because put_by_id's slow path was sometimes linking to after the barrier, but that's not the problem.
Looks like this has something to do with put_by_val.
I have a fix!!!
The problem is that the barrier in the put_by_id-in-put_by_val thing (JIT::privateCompileGetByValWithCachedId) did its write barrier all wrong. The fix is easy but I need to test a lot of things. ETA for patch 30 mins.
Created attachment 290272 [details] the patch
Comment on attachment 290272 [details] the patch r=me.
Landed in https://trac.webkit.org/changeset/206628