JSC Stress test failure: wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm Running wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm: test_script_33676: line 2: 29983 Segmentation fault: 11 ( "$@" ../../../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --maxPerThreadStackUsage\=1572864 -m --useWebAssembly\=1 wasm-to-wasm.js ) wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm: ERROR: Unexpected exit code: 139 FAIL: wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm https://build.webkit.org/builders/Apple%20Sierra%20Release%20JSC%20%28Tests%29/builds/175
Created attachment 297968 [details] Crash log
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00000001039d363e JSC::callWebAssemblyFunction(JSC::ExecState*) + 1438 (WebAssemblyFunction.cpp:122) 1 com.apple.JavaScriptCore 0x000000010377380e JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 622 (LLIntSlowPaths.cpp:1238) 2 com.apple.JavaScriptCore 0x000000010377b29f llint_entry + 26689 3 com.apple.JavaScriptCore 0x000000010377b2ad llint_entry + 26703 4 com.apple.JavaScriptCore 0x000000010377487b vmEntryToJavaScript + 299 5 com.apple.JavaScriptCore 0x00000001035f6ece JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 190 (JITCode.cpp:82) 6 com.apple.JavaScriptCore 0x00000001035beb03 JSC::Interpreter::execute(JSC::ModuleProgramExecutable*, JSC::ExecState*, JSC::JSModuleEnvironment*) + 579 (Interpreter.cpp:1197) 7 com.apple.JavaScriptCore 0x00000001036a4bdd JSC::JSModuleRecord::evaluate(JSC::ExecState*) + 61 (JSModuleRecord.cpp:208) 8 com.apple.JavaScriptCore 0x000000010369f622 JSC::JSModuleLoader::evaluate(JSC::ExecState*, JSC::JSValue, JSC::JSValue, JSC::JSValue) + 466 (JSModuleLoader.cpp:198) 9 ??? 0x00003f4779201028 0 + 69576207372328 10 com.apple.JavaScriptCore 0x000000010377b23b llint_entry + 26589 11 com.apple.JavaScriptCore 0x000000010377b2ad llint_entry + 26703 12 ??? 0x00003f477920a248 0 + 69576207409736 13 com.apple.JavaScriptCore 0x000000010377487b vmEntryToJavaScript + 299 14 com.apple.JavaScriptCore 0x00000001035f6ece JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 190 (JITCode.cpp:82) 15 com.apple.JavaScriptCore 0x00000001035be2ca JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 522 (Interpreter.cpp:927) 16 com.apple.JavaScriptCore 0x000000010319f532 JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 178 (CallData.cpp:59) 17 com.apple.JavaScriptCore 0x000000010369aa96 JSC::JSJobMicrotask::run(JSC::ExecState*) + 502 (JSJob.cpp:76) 18 com.apple.JavaScriptCore 0x0000000103953c7e JSC::VM::drainMicrotasks() + 302 (VM.cpp:863) 19 jsc 0x0000000102d91140 runJSC(JSC::VM*, CommandLine) + 3280 20 jsc 0x0000000102d8f81e jscmain(int, char**) + 686 21 jsc 0x0000000102d8f55b main + 27 22 libdyld.dylib 0x00007fff9a3015ad start + 1
I think this started with https://trac.webkit.org/changeset/210244
I was just investigating this.
<rdar://problem/29856455>
The problem only occurs in release, which is why I didn't see it in my debug builds. We clobber at least $r12 in the test I added, and aren't restoring it.
Created attachment 297969 [details] patch
Comment on attachment 297969 [details] patch Clearing flags on attachment: 297969 Committed r210259: <http://trac.webkit.org/changeset/210259>
All reviewed patches have been landed. Closing bug.