RESOLVED FIXED 176470
ASSERTION FAILED: op() == CheckStructure in Source/JavaScriptCore/dfg/DFGNode.h(443) 
https://bugs.webkit.org/show_bug.cgi?id=176470
Summary ASSERTION FAILED: op() == CheckStructure in Source/JavaScriptCore/dfg/DFGNode...
Matt Lewis
Reported 2017-09-06 11:02:38 PDT
The test stress/phantom-spread-forward-varargs.js.ftl-eager has had a flaky assertion failure on El Capitan JSC Debug testers ASSERTION FAILED: op() == CheckStructure /Volumes/Data/slave/elcapitan-debug/build/Source/JavaScriptCore/dfg/DFGNode.h(443) : void JSC::DFG::Node::convertToCheckStructureImmediate(JSC::DFG::Node *) 1 0x1066ecd40 WTFCrash 2 0x105b04ec0 JSC::DFG::Node::convertToCheckStructureImmediate(JSC::DFG::Node*) 3 0x105afa3be void JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::handleNode<JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::promoteLocalHeap()::'lambda1'(JSC::DFG::PromotedHeapLocation, JSC::DFG::LazyNode), JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::promoteLocalHeap()::'lambda1'(JSC::DFG::PromotedHeapLocation)>(JSC::DFG::Node*, JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::promoteLocalHeap()::'lambda1'(JSC::DFG::PromotedHeapLocation, JSC::DFG::LazyNode) const&, JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::promoteLocalHeap()::'lambda1'(JSC::DFG::PromotedHeapLocation) const&) 4 0x105ae0338 JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::promoteLocalHeap() 5 0x105adcc03 JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::performSinking() 6 0x105adc852 JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase::run() 7 0x105adc2a2 bool JSC::DFG::runAndLog<JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase>(JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase&) 8 0x105adc1fe bool JSC::DFG::runPhase<JSC::DFG::(anonymous namespace)::ObjectAllocationSinkingPhase>(JSC::DFG::Graph&) 9 0x105adc1c5 JSC::DFG::performObjectAllocationSinking(JSC::DFG::Graph&) 10 0x105b90c58 JSC::DFG::Plan::compileInThreadImpl() 11 0x105b8cc5d JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*) 12 0x105d1fece JSC::DFG::Worklist::ThreadBody::work() 13 0x1066fa82e WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const 14 0x1066fa50c WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() 15 0x10672647e WTF::Function<void ()>::operator()() const 16 0x106775f0a WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 17 0x10677b8f5 WTF::wtfThreadEntryPoint(void*) 18 0x7fff8513b99d _pthread_body 19 0x7fff8513b91a _pthread_body 20 0x7fff85139351 thread_start test_script_16221: line 2: 33007 Segmentation fault: 11 ( "$@" ../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --maxPerThreadStackUsage\=1572864 --airForceBriggsAllocator\=true --useFTLJIT\=true --thresholdForJITAfterWarmUp\=10 --thresholdForJITSoon\=10 --thresholdForOptimizeAfterWarmUp\=20 --thresholdForOptimizeAfterLongWarmUp\=20 --thresholdForOptimizeSoon\=20 --thresholdForFTLOptimizeAfterWarmUp\=20 --thresholdForFTLOptimizeSoon\=20 --maximumEvalCacheableSourceLength\=150000 --useEagerCodeBlockJettisonTiming\=true phantom-spread-forward-varargs.js ) ERROR: Unexpected exit code: 139
Attachments
patch (1.33 KB, patch)
2017-09-06 12:03 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2017-09-06 11:54:24 PDT
This seems like it's my bug. Will fix.
Saam Barati
Comment 2 2017-09-06 12:03:39 PDT
Created attachment 320045 [details] patch
Mark Lam
Comment 3 2017-09-06 12:55:49 PDT
Comment on attachment 320045 [details] patch r=me
WebKit Commit Bot
Comment 4 2017-09-06 13:51:05 PDT
Comment on attachment 320045 [details] patch Clearing flags on attachment: 320045 Committed r221701: <http://trac.webkit.org/changeset/221701>
WebKit Commit Bot
Comment 5 2017-09-06 13:51:07 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 6 2017-09-27 12:34:46 PDT
<rdar://problem/34693520>
Note You need to log in before you can comment on or make changes to this bug.