189227 – The watchdog sometimes fails to terminate a script.

Bug 189227 - The watchdog sometimes fails to terminate a script.

Summary: The watchdog sometimes fails to terminate a script.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Lam

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2018-09-01 22:59 PDT by Mark Lam
Modified:	2018-09-03 19:48 PDT (History)
CC List:	9 users (show)

See Also:

Attachments
proposed patch. (7.87 KB, patch) 2018-09-01 23:38 PDT, Mark Lam	ews-watchlist: commit-queue-	Details \| Formatted Diff \| Diff
proposed patch. (7.87 KB, patch) 2018-09-02 09:18 PDT, Mark Lam	mark.lam: review- ews-watchlist: commit-queue-	Details \| Formatted Diff \| Diff
proposed patch. (10.24 KB, patch) 2018-09-03 11:40 PDT, Mark Lam	mark.lam: review-	Details \| Formatted Diff \| Diff
proposed patch. (10.24 KB, patch) 2018-09-03 13:01 PDT, Mark Lam	mark.lam: review-	Details \| Formatted Diff \| Diff
proposed patch. (10.23 KB, patch) 2018-09-03 13:08 PDT, Mark Lam	saam: review+ mark.lam: commit-queue-	Details \| Formatted Diff \| Diff
patch for landing. (11.15 KB, patch) 2018-09-03 16:15 PDT, Mark Lam	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Lam 2018-09-01 22:59:00 PDT

<rdar://problem/39932857>

Comment 1 Mark Lam 2018-09-01 23:38:19 PDT

Created attachment 348728 [details]
proposed patch.

Comment 2 EWS Watchlist 2018-09-02 01:02:47 PDT

Comment on attachment 348728 [details]
proposed patch.

Attachment 348728 [details] did not pass jsc-ews (mac):
Output: https://webkit-queues.webkit.org/results/9067847

New failing tests:
stress/regress-189227-watchdog-on-infinite-loop.js.dfg-eager
stress/regress-189227-watchdog-on-infinite-loop.js.default
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-small-pool
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-eager-no-cjit-b3o1
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-validate-sampling-profiler
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-eager-no-cjit
stress/regress-189227-watchdog-on-infinite-loop.js.no-ftl
stress/regress-189227-watchdog-on-infinite-loop.js.dfg-eager-no-cjit-validate
stress/regress-189227-watchdog-on-infinite-loop.js.no-cjit-collect-continuously
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-b3o1
stress/regress-189227-watchdog-on-infinite-loop.js.no-cjit-validate-phases
stress/regress-189227-watchdog-on-infinite-loop.js.no-llint
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-no-inline-validate
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-no-put-stack-validate
apiTests

Comment 3 Saam Barati 2018-09-02 09:13:40 PDT

Comment on attachment 348728 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=348728&action=review

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2853
> +    if (UNLIKELY(vm.needTrapHandling()))

If you make CheckTraps exit to check_traps, you won’t need this code

Comment 4 Mark Lam 2018-09-02 09:18:29 PDT

Created attachment 348733 [details]
proposed patch.

Adjusted test heuristics to hopefully eliminate flakiness.

Comment 5 EWS Watchlist 2018-09-02 10:48:01 PDT

Comment on attachment 348733 [details]
proposed patch.

Attachment 348733 [details] did not pass jsc-ews (mac):
Output: https://webkit-queues.webkit.org/results/9071026

New failing tests:
stress/regress-189227-watchdog-on-infinite-loop.js.dfg-eager
stress/regress-189227-watchdog-on-infinite-loop.js.dfg-eager-no-cjit-validate
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-small-pool
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-eager-no-cjit-b3o1
stress/regress-189227-watchdog-on-infinite-loop.js.no-cjit-validate-phases
stress/regress-189227-watchdog-on-infinite-loop.js.no-ftl
stress/regress-189227-watchdog-on-infinite-loop.js.no-cjit-collect-continuously
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-b3o1
stress/regress-189227-watchdog-on-infinite-loop.js.no-llint
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-no-inline-validate
stress/regress-189227-watchdog-on-infinite-loop.js.ftl-no-cjit-no-put-stack-validate
apiTests

Comment 6 Saam Barati 2018-09-02 11:46:26 PDT

Are you going to make the change where you fix how check_traps is lowered in the bytecode parser?

Comment 7 Mark Lam 2018-09-02 11:59:24 PDT

(In reply to Saam Barati from comment #6)
> Are you going to make the change where you fix how check_traps is lowered in
> the bytecode parser?

Yes, I should take this patch out of review

Comment 8 Mark Lam 2018-09-03 11:40:23 PDT

Created attachment 348785 [details]
proposed patch.

Let's get some EWS testing.

Comment 9 Mark Lam 2018-09-03 12:27:16 PDT

Comment on attachment 348785 [details]
proposed patch.

The EWS is still consistently reproducing a failure on the new test.  I'm going to investigate this first.

Comment 10 Mark Lam 2018-09-03 13:01:48 PDT

Created attachment 348786 [details]
proposed patch.

Looks like the issue is that on some bots, the watchdog thread can't get a time slice before the main thread runs to completion.  Let's make the test timeout ridiculously large to give it adequate margin.

Comment 11 Mark Lam 2018-09-03 13:07:00 PDT

Comment on attachment 348786 [details]
proposed patch.

This margin is still insufficient.  In the end, I cannot make this test not racy.  I have to make the test a true infinite loop and rely on the jsc test harness to timeout the test if it hangs.  New patch coming soon.

Comment 12 Mark Lam 2018-09-03 13:08:11 PDT

Created attachment 348787 [details]
proposed patch.

Comment 13 Saam Barati 2018-09-03 16:04:13 PDT

Comment on attachment 348787 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=348787&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:3967
> +        compileCheckTraps(node);

You should also call noResult here just for ensuring good style in case CheckTraps ever gets any child nodes

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4448
> +        compileCheckTraps(node);

Ditto

Comment 14 Mark Lam 2018-09-03 16:15:13 PDT

Comment on attachment 348787 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=348787&action=review

Thanks for the review.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:3967
>> +        compileCheckTraps(node);
> 
> You should also call noResult here just for ensuring good style in case CheckTraps ever gets any child nodes

I'll add the noResult(node) call to the implementation of compileCheckTraps().

Comment 15 Mark Lam 2018-09-03 16:15:54 PDT

Created attachment 348794 [details]
patch for landing.

Comment 16 WebKit Commit Bot 2018-09-03 19:48:20 PDT

Comment on attachment 348794 [details]
patch for landing.

Clearing flags on attachment: 348794

Committed r235605: <https://trac.webkit.org/changeset/235605>

Comment 17 WebKit Commit Bot 2018-09-03 19:48:21 PDT

All reviewed patches have been landed.  Closing bug.