RESOLVED FIXED 189940
Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock 
https://bugs.webkit.org/show_bug.cgi?id=189940
Summary Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMateriali...
Saam Barati
Reported 2018-09-24 18:39:49 PDT
We made a copy and paste error in the NewArrayBuffer case. That lead us to using the constant pool of the FTL code block instead of the baseline code block.
Attachments
patch (6.12 KB, patch)
2018-09-24 18:46 PDT, Saam Barati 		mark.lam: review+
DetailsFormatted DiffDiff
patch for landing (6.92 KB, patch)
2018-09-25 17:16 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews104 for mac-sierra-wk2 (3.36 MB, application/zip)
2018-09-25 19:07 PDT, EWS Watchlist 		no flags
Details
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2018-09-24 18:40:58 PDT
I'm going to just make it so that we always pass in the baseline
Saam Barati
Comment 2 2018-09-24 18:46:41 PDT
Created attachment 350726 [details] patch
Saam Barati
Comment 3 2018-09-25 12:39:49 PDT
<rdar://problem/43640987>
Mark Lam
Comment 4 2018-09-25 12:48:39 PDT
Comment on attachment 350726 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=350726&action=review r=me > Source/JavaScriptCore/ChangeLog:14 > + We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL > + CodeBlock. There is nothing semantically wrong with doing that (except for > + poor naming), however, the poor naming here led us to make a real semantic > + mistake. We wanted the baseline CodeBlock's constant pool, but we were > + accessing the FTL CodeBlock's constant pool accidentally. We need to > + access the baseline CodeBlock's constant pool when we update the NewArrayBuffer > + constant value. In baselineCodeBlockForOriginAndBaselineCodeBlock(), can we ASSERT(JITCode::isBaselineCode(baselineCodeBlock->jitType())? That will help catch this error sooner in the future.
Saam Barati
Comment 5 2018-09-25 17:16:02 PDT
Created attachment 350815 [details] patch for landing
Saam Barati
Comment 6 2018-09-25 18:18:26 PDT
(In reply to Mark Lam from comment #4) > Comment on attachment 350726 [details] > patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=350726&action=review > > r=me > > > Source/JavaScriptCore/ChangeLog:14 > > + We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL > > + CodeBlock. There is nothing semantically wrong with doing that (except for > > + poor naming), however, the poor naming here led us to make a real semantic > > + mistake. We wanted the baseline CodeBlock's constant pool, but we were > > + accessing the FTL CodeBlock's constant pool accidentally. We need to > > + access the baseline CodeBlock's constant pool when we update the NewArrayBuffer > > + constant value. > > In baselineCodeBlockForOriginAndBaselineCodeBlock(), can we > ASSERT(JITCode::isBaselineCode(baselineCodeBlock->jitType())? That will > help catch this error sooner in the future. I spoke with Mark offline. We're going to add the assert.
EWS Watchlist
Comment 7 2018-09-25 19:07:21 PDT
Comment on attachment 350815 [details] patch for landing Attachment 350815 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/9350954 New failing tests: fast/custom-elements/throw-on-dynamic-markup-insertion-counter-construct.html
EWS Watchlist
Comment 8 2018-09-25 19:07:23 PDT
Created attachment 350832 [details] Archive of layout-test-results from ews104 for mac-sierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6
WebKit Commit Bot
Comment 9 2018-09-25 20:14:15 PDT
Comment on attachment 350815 [details] patch for landing Clearing flags on attachment: 350815 Committed r236495: <https://trac.webkit.org/changeset/236495>
WebKit Commit Bot
Comment 10 2018-09-25 20:14:17 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.