When running Speedometer (browser bench.org) with r209653 you get a crash like: Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: EXC_I386_GPFLT Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] Application Specific Information: Bundle controller class: BrowserBundleController Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010beeaa1a JSC::StructureIDTable::get(unsigned int) + 42 (StructureIDTable.h:124) 1 com.apple.JavaScriptCore 0x000000010beea9c3 JSC::VM::getStructure(unsigned int) + 51 (VM.h:494) 2 com.apple.JavaScriptCore 0x000000010beea8af JSC::JSCell::structure(JSC::VM&) const + 31 (JSCellInlines.h:115) 3 com.apple.JavaScriptCore 0x000000010beeabb3 JSC::JSCell::classInfo() const + 147 (JSCellInlines.h:276) 4 com.apple.JavaScriptCore 0x000000010beeaaf9 JSC::JSCell::inherits(JSC::ClassInfo const*) const + 25 (JSCellInlines.h:250) 5 com.apple.JavaScriptCore 0x000000010bf71c40 JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(JSC::JSCell*) + 48 (JSCell.h:265) 6 com.apple.JavaScriptCore 0x000000010bf71bff JSC::asObject(JSC::JSCell*) + 79 (JSObject.h:1271) 7 com.apple.JavaScriptCore 0x000000010c0a8926 JSC::JSValue::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 230 (JSCJSValueInlines.h:825) 8 com.apple.JavaScriptCore 0x000000010cab6ccd std::__1::result_of<operationGetByIdOptimize::$_0 (bool, JSC::PropertySlot&)>::type JSC::JSValue::getPropertySlot<operationGetByIdOptimize::$_0>(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&, operationGetByIdOptimize::$_0) const + 173 (JSCJSValueInlines.h:808) 9 com.apple.JavaScriptCore 0x000000010caa52b0 std::__1::result_of<operationGetByIdOptimize::$_0 (bool, JSC::PropertySlot&)>::type JSC::JSValue::getPropertySlot<operationGetByIdOptimize::$_0>(JSC::ExecState*, JSC::PropertyName, operationGetByIdOptimize::$_0) const + 192 (JSCJSValueInlines.h:801) 10 com.apple.JavaScriptCore 0x000000010caa51b0 operationGetByIdOptimize + 352 (JITOperations.cpp:261) 11 ??? 0x0000585f62654130 0 + 97166695940400 12 ??? 0x0000585f62ab6da6 0 + 97166700539302 13 ??? 0x0000585f62e14fc1 0 + 97166704070593 14 ??? 0x0000585f626100b2 0 + 97166695661746 15 com.apple.JavaScriptCore 0x000000010ccba43b llint_entry + 29863 (LowLevelInterpreter.asm:778) 16 ??? 0x0000585f62611306 0 + 97166695666438 17 ??? 0x0000585f626170fc 0 + 97166695690492 18 ??? 0x0000585f628e71df 0 + 97166698639839 19 com.apple.JavaScriptCore 0x000000010ccb2d7e vmEntryToJavaScript + 334 (LowLevelInterpreter64.asm:256) 20 com.apple.JavaScriptCore 0x000000010ca96e22 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 354 (JITCode.cpp:81) 21 com.apple.JavaScriptCore 0x000000010ca12aaf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1215 (Interpreter.cpp:944) 22 com.apple.JavaScriptCore 0x000000010c1ee068 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 184 (CallData.cpp:39) 23 com.apple.JavaScriptCore 0x000000010c1ee179 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 201 (CallData.cpp:46) 24 com.apple.JavaScriptCore 0x000000010c1ee3ed JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 125 (CallData.cpp:65) 25 com.apple.WebCore 0x000000011092e4db WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (JSMainThreadExecState.h:75) 26 com.apple.WebCore 0x0000000110bf68a9 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1801 (JSEventListener.cpp:144) 27 com.apple.WebCore 0x0000000110109846 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) + 742 (EventTarget.cpp:253) 28 com.apple.WebCore 0x0000000110109433 WebCore::EventTarget::fireEventListeners(WebCore::Event&) + 323 (EventTarget.cpp:200)
Created attachment 296894 [details] Patch Note, this patch will not apply to the current ToT. It is meant to apply after rolling back in the changes rolled out in https://bugs.webkit.org/show_bug.cgi?id=165739.
Created attachment 296923 [details] Patch with fix and roll in of reverted revisions
Attachment 296923 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp:45: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:444: Multi line control clauses should use braces. [whitespace/braces] [4] ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:863: Should have only a single space after a punctuation in a comment. [whitespace/comments] [5] ERROR: Source/JavaScriptCore/ftl/FTLOutput.h:101: The parameter name "reg" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/JavaScriptCore/ftl/FTLOutput.h:102: The parameter name "reg" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/JavaScriptCore/ftl/FTLLink.cpp:293: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/JavaScriptCore/jit/JSInterfaceJIT.h:66: The parameter name "reg" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1213: Multi line control clauses should use braces. [whitespace/braces] [4] Total errors found: 8 in 106 files If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 296929 [details] Updated unified patch with JITEntryPoints.h included
Attachment 296929 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp:45: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:444: Multi line control clauses should use braces. [whitespace/braces] [4] ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:863: Should have only a single space after a punctuation in a comment. [whitespace/comments] [5] ERROR: Source/JavaScriptCore/ftl/FTLOutput.h:101: The parameter name "reg" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/JavaScriptCore/ftl/FTLOutput.h:102: The parameter name "reg" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/JavaScriptCore/ftl/FTLLink.cpp:293: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] ERROR: Source/JavaScriptCore/jit/JITEntryPoints.h:205: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/jit/JITEntryPoints.h:206: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/jit/JITEntryPoints.h:216: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/jit/JSInterfaceJIT.h:66: The parameter name "reg" adds no information, so it should be removed. [readability/parameter_name] [5] ERROR: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1213: Multi line control clauses should use braces. [whitespace/braces] [4] Total errors found: 11 in 107 files If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 296929 [details] Updated unified patch with JITEntryPoints.h included Attachment 296929 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/2706191 New failing tests: inspector/codemirror/prettyprinting-css-rules.html
Created attachment 296937 [details] Archive of layout-test-results from ews101 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-yosemite Platform: Mac OS X 10.10.5
Comment on attachment 296929 [details] Updated unified patch with JITEntryPoints.h included Attachment 296929 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/2706206 New failing tests: inspector/codemirror/prettyprinting-css-rules.html
Created attachment 296940 [details] Archive of layout-test-results from ews105 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Committed r209725: <http://trac.webkit.org/changeset/209725>
(In reply to comment #10) > Committed r209725: <http://trac.webkit.org/changeset/209725> It made zillion tests crash on ARMv7 Thumb2 platform: https://build.webkit.org/builders/JSCOnly%20Linux%20ARMv7%20Thumb2%20Release/builds/2975 (ARMv7 with ARM instruction set works fine.)
Re-opened since this is blocked by bug 165811
Is this still happening? Surprised that we could have Speedometer crashing for a week.
(In reply to comment #13) > Is this still happening? Surprised that we could have Speedometer crashing > for a week. No. The roll out was for all of the Register Calling changes in <https://bugs.webkit.org/show_bug.cgi?id=160355>. Reopened that bug and will close this bug and re
Comment on attachment 296929 [details] Updated unified patch with JITEntryPoints.h included Patches that have been up for review since 2016 are almost certainly too stale to be relevant to trunk in their current form. If this patch is still important please rebase it and post it for review again.