Bug 165669 - REGRESSION (r209554-209571): stress/poly-setter-combo crashing
Status: RESOLVED FIXED
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: Other
Hardware: Unspecified Unspecified
Importance: P1 Normal
Assignee: Filip Pizlo
Reported: 2016-12-09 11:57 PST by Alexey Proskuryakov
Modified: 2016-12-09 20:28 PST
Attachments
crash log (53.38 KB, text/plain)
2016-12-09 11:59 PST, Alexey Proskuryakov
the patch (3.37 KB, patch)
2016-12-09 14:26 PST, Filip Pizlo
ggaren: review+

Description Alexey Proskuryakov 2016-12-09 11:57:41 PST
Variations of stress/poly-setter-combo started to crash yesterday.

JSC changes in this range:
https://trac.webkit.org/changeset/209560 (wasm)
https://trac.webkit.org/changeset/209568 (SharedArrayBuffer)
https://trac.webkit.org/changeset/209570 (Concurrent GC)
Comment 1 Filip Pizlo 2016-12-09 11:58:16 PST
Crash log?
Comment 2 Alexey Proskuryakov 2016-12-09 11:58:16 PST
Forgot to say, this is on 32-bit JSC test bots.
Comment 3 Filip Pizlo 2016-12-09 11:58:39 PST
(In reply to comment #1)
> Crash log?

Actually, no need to fish. I'm almost done building and will probably repro shortly.
Comment 4 Alexey Proskuryakov 2016-12-09 11:59:53 PST
Created attachment 296669
crash log
Comment 5 Filip Pizlo 2016-12-09 12:03:35 PST
(In reply to comment #4)
> Created attachment 296669
> crash log

Thank you!!

This is an incredible crash log: it is a typical concurrent GC crash but it's in a config where concurrent GC is disabled.  Looking more...
Comment 6 Filip Pizlo 2016-12-09 14:10:56 PST
I have a fix.  This is a 32-bit-only bug, not a concurrent GC bug, and we need the fix regardless of whether the concurrent GC is enabled.

Testing the fix now...
Comment 7 Filip Pizlo 2016-12-09 14:26:53 PST
Created attachment 296699
the patch
Comment 8 Geoffrey Garen 2016-12-09 14:28:53 PST
Comment on attachment 296699
the patch

Ack!

r=me
Comment 9 Filip Pizlo 2016-12-09 20:28:24 PST
Landed in https://trac.webkit.org/changeset/209647