WebKit Bugzilla
RESOLVED FIXED
195165
[JSC][CLoop] Stress suite crashes on platforms with 64Kb page size
https://bugs.webkit.org/show_bug.cgi?id=195165
Tomas Popela
Reported
2019-02-28 06:53:34 PST
After Friday's changes were pulled into our JSC CI, a lot of tests started to fail on ppc64, ppc64le and s390x (not tied to big endianness, but arches using 64Kb page size):

+ cat ./results/failed
++ wc -l ./results/failed
++ cut '-d ' -f1
+ echo '150 failure(s)'
150 failure(s)
+ exit 1

All ends with ERROR: Unexpected exit code: 139

changes pulled in:

scalableNativeWebpageParameters() is not preserved on new page
[JSC] Revert r226885 to make SlotVisitor creation lazy
Add some randomness into the StructureID.
Web Inspector: Dark Mode: Network Overview Graph segments have
Web Inspector: CPU Usage Timeline - Thread Breakdown
Fix WTFLogVerbose variadic parameters forwarding
Web Inspector: hovering a node inside an object preview should highlight
Web Inspector: Rename LineChart to AreaChart
Web Inspector: Console: dragging a selection outside the selected
Web Inspector: Canvas: if no auto-capture value is specified, don't
Web Inspector: navigation sidebar says "No Search Results" when a slow
[JSC] Repeat string created from Array.prototype.join() take too much
[WPE] Add API for webview background color configuration
[JSC] Fix compilation on 32-bit platforms after r242071
[EGL] Runtime support for RGB565 pixel layout
Export MathML fraction tests to WPT
Synchronize MathML WPT tests
Unreviewed, rolling out r242071.
Versioning.
WebPageProxy should nullify m_userMediaPermissionRequestManager after
Split tests programmatic-scroll-iframe and scroll-iframe
[ContentChangeObserver] Move CheckForVisibilityChange to
[Curl] Load HTTP body of 401 response when AuthenticationChange is
[ContentChangeObserver] Move observing logic from
[ContentChangeObserver] Simplify content observation API by removing
Unreviewed, rolling out r241970.
[Re-landing] Add some randomness into the StructureID.
Create WebPageProxy::m_userMediaPermissionRequestManager only when
[iOS] REGRESSION(r238490?): Safari sometimes shows blank page until a
[iOS] Regression(PSON) Scroll position is no longer restored when
Unpoison MacroAssemblerCodePtr, ClassInfo pointers, and a few other
Gardening: 32-bit build fix after r242096.
[ContentChangeObserver] Move style recalc schedule observation logic to
Misc cleanup in StructureIDTable after r242096.
Web Inspector: CPU Usage Timeline - Main Thread Indicator
Web Inspector: Search: no results when opening to Search tab
Update NetworkSession to use Session Cleanup when available
[iOS] Sandbox should allow mach lookups related to media capturing
[ContentChangeObserver] clearContentChangeObservers should be internal
Fix warnings on ARM and MIPS
[Mac WK2] storage/indexeddb/IDBObject-leak.html is flaky
Move service worker response validation from the service worker client
[Cocoa] Media elements will restart network buffering just before
wasmToJS() should purify incoming NaNs.
Do not try to observe the timer when Page is nullptr
Code quality cleanup in NeverDestroyed
Remove conditional compile guard for
Web Inspector: Use system accent color throughout UI

I will try to get the backtrace.
Tomas Popela
Comment 1
2019-02-28 07:02:35 PST
Core was generated by `./WebKitBuild/Debug/bin/jsc JSTests/stress/put-by-id-flags.js '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 JSC::LLInt::CLoop::execute (entryOpcodeID=JSC::llint_vm_entry_to_javascript, executableAddress=0x7fffa2497c30 <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+23080>, vm=0x7fff9e7d0010, protoCallFrame=0x7ffff404bd20, isInitializationPass=false) at /home/tpopela/WebKit/WebKitBuild/Debug/DerivedSources/JavaScriptCore/LLIntAssembly.h:6092
6092 t2 = *CAST<int64_t*>(t2.i8p() + 32); // /home/tpopela/WebKit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:1368
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.27.9000-16.fc29.ppc64 libgcc-8.1.1-1.fc29.ppc64 libicu-60.2-3.fc29.ppc64 libstdc++-8.1.1-1.fc29.ppc64
(gdb) bt
#0 JSC::LLInt::CLoop::execute (entryOpcodeID=JSC::llint_vm_entry_to_javascript, executableAddress=0x7fffa2497c30 <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+23080>, vm=0x7fff9e7d0010, protoCallFrame=0x7ffff404bd20, isInitializationPass=false) at /home/tpopela/WebKit/WebKitBuild/Debug/DerivedSources/JavaScriptCore/LLIntAssembly.h:6092
#1 0x00007fffa25640e0 in JSC::vmEntryToJavaScript (executableAddress=0x7fffa2497c30 <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+23080>, vm=0x7fff9e7d0010, protoCallFrame=0x7ffff404bd20) at /home/tpopela/WebKit/Source/JavaScriptCore/llint/LLIntThunks.cpp:108
#2 0x00007fffa2475b04 in JSC::JITCode::execute (this=0x10002417b70, vm=0x7fff9e7d0010, protoCallFrame=0x7ffff404bd20) at /home/tpopela/WebKit/Source/JavaScriptCore/jit/JITCodeInlines.h:38
#3 0x00007fffa246777c in JSC::Interpreter::executeProgram (this=0x100023d02f0, source=..., callFrame=0x100023f0048, thisObj=0x7fff9e260280) at /home/tpopela/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:834
#4 0x00007fffa27be880 in JSC::evaluate (exec=0x100023f0048, source=..., thisValue=..., returnedException=...) at /home/tpopela/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:141
#5 0x000000001005d7e8 in runWithOptions (globalObject=0x100023f0000, options=..., success=@0x7ffff404cb48: true) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:2586
#6 0x000000001005eea0 in <lambda(JSC::VM&, GlobalObject*, bool&)>::operator()(JSC::VM &, GlobalObject *, bool &) const (__closure=0x7ffff404cc08, vm=..., globalObject=0x100023f0000, success=@0x7ffff404cb48: true) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:3052
#7 0x00000000100608c0 in runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> >(const CommandLine &, bool, const <lambda(JSC::VM&, GlobalObject*, bool&)> &) (options=..., isWorker=false, func=...) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:2910
#8 0x000000001005ef74 in jscmain (argc=2, argv=0x7ffff404d158) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:3045
#9 0x000000001005bf78 in main (argc=2, argv=0x7ffff404d158) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:2410
Tomas Popela
Comment 2
2019-02-28 07:04:37 PST
(gdb) bt full
#0 JSC::LLInt::CLoop::execute (entryOpcodeID=JSC::llint_vm_entry_to_javascript, executableAddress=0x7fffa2497c30 <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+23080>, vm=0x7fff9e7d0010, protoCallFrame=0x7ffff404bd20, isInitializationPass=false) at /home/tpopela/WebKit/WebKitBuild/Debug/DerivedSources/JavaScriptCore/LLIntAssembly.h:6092
        __PRETTY_FUNCTION__ = "static JSC::JSValue JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)"
        t0 = {m_value = 140735844712576}
        t1 = {m_value = 1099549125072}
        t2 = {m_value = 7782359175366647568}
        t3 = {m_value = 1099549402784}
        t5 = {m_value = 1099549417216}
        sp = {m_value = 140735852379888}
        cfr = {m_value = 140735852379936}
        lr = {m_value = 140735916801780}
        pc = {m_value = 7}
        pcBase = {m_value = 1099549469568}
        tagTypeNumber = {m_value = 18446462598732840960}
        tagMask = {m_value = 18446462598732840962}
        metadataTable = {m_value = 1099549417024}
        d0 = {m_value = 1.3906701683820105e-309}
        d1 = {m_value = 6.9533458759914248e-310}
        cloopStack = @0x100023d02f8: {static maxExcessCapacity = 8192, m_vm = @0x7fff9e7d0010, m_topCallFrame = @0x7fff9e7f9868, m_end = 0x7fff9e7c0000, m_commitTop = 0x7fff9e7a0000, m_reservation = {<WTF::PageBlock> = {m_realBase = 0x7fff9e3d0000, m_base = 0x7fff9e3d0000, m_size = 4194304}, m_committed = 196608, m_writable = true, m_executable = false}, m_lastStackPointer = 0x7fff9e7cfef0, m_currentStackPointer = 0x7fff9e7cfef0, m_softReservedZoneSizeInRegisters = 16384}
        stackPointerScope = {m_stack = @0x100023d02f8, m_originalStackPointer = 0x7fff9e7d0000}
        startSP = 0x7fff9e7d0000
        startCFR = 0x0
        nativeFunc = {m_ptr = @0x100f50a0: 0x10050c4c <functionNeverInlineFunction(JSC::ExecState*)>}
        functionReturnValue = {static numberOfInt52Bits = 52, static notInt52 = 4503599627370496, static int52ShiftAmount = 12, u = {asInt64 = 10, ptr = 0xa, asBits = {tag = 0, payload = 10}}}
        opcode = 0x7fffa24c9f30 <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+228648>
        result = <optimized out>
        result = <optimized out>
        result = <optimized out>
        result = <optimized out>
        temp = <optimized out>
        result = <optimized out>
        temp = <optimized out>
        result = <optimized out>
        result = <optimized out>
        temp = <optimized out>
        temp = <optimized out>
        temp = <optimized out>
        temp = <optimized out>
        result = <optimized out>
        result = <optimized out>
        temp = <optimized out>
        temp = <optimized out>
        temp = <optimized out>
        temp = <optimized out>
        result = <optimized out>
#1 0x00007fffa25640e0 in JSC::vmEntryToJavaScript (executableAddress=0x7fffa2497c30 <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+23080>, vm=0x7fff9e7d0010, protoCallFrame=0x7ffff404bd20) at /home/tpopela/WebKit/Source/JavaScriptCore/llint/LLIntThunks.cpp:108
        result = {static numberOfInt52Bits = 52, static notInt52 = 4503599627370496, static int52ShiftAmount = 12, u = {asInt64 = 140735929925320, ptr = 0x7fffa31c3ec8 <JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)::__FUNCTION__>, asBits = {tag = 32767, payload = -1558430008}}}
#2 0x00007fffa2475b04 in JSC::JITCode::execute (this=0x10002417b70, vm=0x7fff9e7d0010, protoCallFrame=0x7ffff404bd20) at /home/tpopela/WebKit/Source/JavaScriptCore/jit/JITCodeInlines.h:38
        scope = {<JSC::ExceptionScope> = {m_vm = @0x7fff9e7d0010, m_previousScope = 0x7ffff404bc08, m_location = {stackPosition = 0x0, functionName = 0x7fffa31c3ec8 <JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)::__FUNCTION__> "execute", file = 0x7fffa31bdf10 "/home/tpopela/WebKit/Source/JavaScriptCore/jit/JITCodeInlines.h", line = 35}, m_recursionDepth = 3}, m_isReleased = false}
        __FUNCTION__ = "execute"
        entryAddress = 0x7fffa2497c30 <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+23080>
        result = {static numberOfInt52Bits = 52, static notInt52 = 4503599627370496, static int52ShiftAmount = 12, u = {asInt64 = 1099549473648, ptr = 0x10002417b70, asBits = {tag = 256, payload = 37845872}}}
#3 0x00007fffa246777c in JSC::Interpreter::executeProgram (this=0x100023d02f0, source=..., callFrame=0x100023f0048, thisObj=0x7fff9e260280) at /home/tpopela/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:834
        mask = {m_mask = 6 '\006'}
        error = 0x0
        codeBlock = 0x7fff9dfc0000
        protoCallFrame = {static numberOfRegisters = 4, codeBlockValue = {u = {value = 140735843926016, callFrame = 0x7fff9dfc0000, codeBlock = 0x7fff9dfc0000, encodedValue = {asInt64 = 140735843926016, ptr = 0x7fff9dfc0000, asBits = {tag = 32767, payload = -1644429312}}, number = 6.953274562231997e-310, integer = 140735843926016}}, calleeValue = {u = {value = 140735846679200, callFrame = 0x7fff9e2602a0, codeBlock = 0x7fff9e2602a0, encodedValue = {asInt64 = 140735846679200, ptr = 0x7fff9e2602a0, asBits = {tag = 32767, payload = -1641676128}}, number = 6.9532746982573601e-310, integer = 140735846679200}}, argCountAndCodeOriginValue = {u = {value = 1, callFrame = 0x1, codeBlock = 0x1, encodedValue = {asInt64 = 1, ptr = 0x1, asBits = {tag = 0, payload = 1}}, number = 4.9406564584124654e-324, integer = 1}}, thisArg = {u = {value = 140735846679168, callFrame = 0x7fff9e260280, codeBlock = 0x7fff9e260280, encodedValue = {asInt64 = 140735846679168, ptr = 0x7fff9e260280, asBits = {tag = 32767, payload = -1641676160}}, number = 6.9532746982557791e-310, integer = 140735846679168}}, paddedArgCount = 1, hasArityMismatch = false, args = 0x0}
        result = {static numberOfInt52Bits = 52, static notInt52 = 4503599627370496, static int52ShiftAmount = 12, u = {asInt64 = 140733193388035, ptr = 0x7fff00000003, asBits = {tag = 32767, payload = 3}}}
        scope = 0x7fff9e290000
        vm = <error reading variable>
        throwScope = {<JSC::ExceptionScope> = {m_vm = @0x7fff9e7d0010, m_previousScope = 0x7ffff404c6b8, m_location = {stackPosition = 0x0, functionName = 0x7fffa31c1c60 <JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)::__FUNCTION__> "executeProgram", file = 0x7fffa31bdfe0 "/home/tpopela/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp", line = 655}, m_recursionDepth = 2}, m_isReleased = true}
        __FUNCTION__ = "executeProgram"
        program = 0x7fff9e020000
        __PRETTY_FUNCTION__ = "JSC::JSValue JSC::Interpreter::executeProgram(const JSC::SourceCode&, JSC::CallFrame*, JSC::JSObject*)"
        globalObject = 0x100023f0000
        JSONPData = {<WTF::VectorBuffer<JSC::JSONPData, 0>> = {<WTF::VectorBufferBase<JSC::JSONPData>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}
        parseResult = false
        programSource = {m_characters = 0x100023ec674, m_length = 352, m_is8Bit = true, m_underlyingString = 0x1000240af10}
        entryScope = {m_vm = @0x7fff9e7d0010, m_globalObject = 0x100023f0000, m_didPopListeners = {<WTF::VectorBuffer<WTF::Function<void()>, 0>> = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}}
#4 0x00007fffa27be880 in JSC::evaluate (exec=0x100023f0048, source=..., thisValue=..., returnedException=...) at /home/tpopela/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:141
        vm = <error reading variable>
        lock = {m_vm = {static isRefPtr = <optimized out>, m_ptr = 0x7fff9e7d0010}}
        scope = {<JSC::ExceptionScope> = {m_vm = @0x7fff9e7d0010, m_previousScope = 0x7ffff404c958, m_location = {stackPosition = 0x0, functionName = 0x7fffa32985b0 <JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)::__FUNCTION__> "evaluate", file = 0x7fffa3289128 "/home/tpopela/WebKit/Source/JavaScriptCore/runtime/Completion.cpp", line = 132}, m_recursionDepth = 1}, <No data fields>}
        __FUNCTION__ = "evaluate"
        __PRETTY_FUNCTION__ = "JSC::JSValue JSC::evaluate(JSC::ExecState*, const JSC::SourceCode&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)"
        profile = {m_active = false, static s_mode = JSC::CodeProfiling::Disabled, static s_tracker = 0x0, static s_profileStack = 0x0}
        thisObj = 0x7fff9e260280
        result = {static numberOfInt52Bits = 52, static notInt52 = 4503599627370496, static int52ShiftAmount = 12, u = {asInt64 = 140737287342480, ptr = 0x7ffff404c990, asBits = {tag = 32767, payload = -201012848}}}
---Type <return> to continue, or q <return> to quit---
#5 0x000000001005d7e8 in runWithOptions (globalObject=0x100023f0000, options=..., success=@0x7ffff404cb48: true) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:2586
        evaluationException = {m_ptr = 0x0}
        returnValue = {static numberOfInt52Bits = 52, static notInt52 = 4503599627370496, static int52ShiftAmount = 12, u = {asInt64 = 140737287342672, ptr = 0x7ffff404ca50, asBits = {tag = 32767, payload = -201012656}}}
        promise = 0x0
        isModule = false
        isLastFile = true
        i = 0
        scripts = @0x7ffff404cc18: {<WTF::VectorBuffer<Script, 0>> = {<WTF::VectorBufferBase<Script>> = {m_buffer = 0x100023c1e70, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}
        fileName = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x10002409c00}}
        scriptBuffer = {<WTF::VectorBuffer<char, 0>> = {<WTF::VectorBufferBase<char>> = {m_buffer = 0x1000240ac90 "function f(x, y) {\n x.y = y;\n};\n\nfunction g(x) {\n return x.y + 42;\n}\nnoInline(f);\nnoInline(g);\n\nvar x = {};\nvar y = {};\nf(x, 42);\nf(y, {});\n\nwhile (!numberOfDFGCompiles(g)) {\n optimizeNextInv"..., m_capacity = 352, m_size = 352}, <No data fields>}, <No data fields>}
        vm = <error reading variable>
        scope = {<JSC::ExceptionScope> = {m_vm = @0x7fff9e7d0010, m_previousScope = 0x0, m_location = {stackPosition = 0x0, functionName = 0x100be670 <runWithOptions(GlobalObject*, CommandLine&, bool&)::__FUNCTION__> "runWithOptions", file = 0x100b2938 "/home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp", line = 2533}, m_recursionDepth = 0}, <No data fields>}
        __FUNCTION__ = "runWithOptions"
#6 0x000000001005eea0 in <lambda(JSC::VM&, GlobalObject*, bool&)>::operator()(JSC::VM &, GlobalObject *, bool &) const (__closure=0x7ffff404cc08, vm=..., globalObject=0x100023f0000, success=@0x7ffff404cb48: true) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:3052
        options = @0x7ffff404cc10: {m_interactive = false, m_dump = false, m_module = false, m_exitCode = false, m_scripts = {<WTF::VectorBuffer<Script, 0>> = {<WTF::VectorBufferBase<Script>> = {m_buffer = 0x100023c1e70, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_arguments = {<WTF::VectorBuffer<WTF::String, 0>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, m_profile = false, m_profilerOutput = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_uncaughtExceptionName = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_treatWatchdogExceptionAsSuccess = false, m_alwaysDumpUncaughtException = false, m_dumpMemoryFootprint = false, m_dumpSamplingProfilerData = false, m_enableRemoteDebugging = false}
#7 0x00000000100608c0 in runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> >(const CommandLine &, bool, const <lambda(JSC::VM&, GlobalObject*, bool&)> &) (options=..., isWorker=false, func=...) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:2910
        locker = {m_vm = {static isRefPtr = <optimized out>, m_ptr = 0x7fff9e7d0010}}
        worker = {<WTF::BasicRawSentinelNode<Worker>> = {m_next = 0x100023c28e8, m_prev = 0x100023c28d8}, m_workers = @0x100023c28d0, m_messages = {m_start = 0, m_end = 0, m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<Message, WTF::DumbPtrTraits<Message> > >> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, m_iterators = 0x0}}
        vm = <error reading variable>
        result = 32767
        success = true
        globalObject = 0x100023f0000
#8 0x000000001005ef74 in jscmain (argc=2, argv=0x7ffff404d158) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:3045
        options = {m_interactive = false, m_dump = false, m_module = false, m_exitCode = false, m_scripts = {<WTF::VectorBuffer<Script, 0>> = {<WTF::VectorBufferBase<Script>> = {m_buffer = 0x100023c1e70, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_arguments = {<WTF::VectorBuffer<WTF::String, 0>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, m_profile = false, m_profilerOutput = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_uncaughtExceptionName = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_treatWatchdogExceptionAsSuccess = false, m_alwaysDumpUncaughtException = false, m_dumpMemoryFootprint = false, m_dumpSamplingProfilerData = false, m_enableRemoteDebugging = false}
        result = 32767
#9 0x000000001005bf78 in main (argc=2, argv=0x7ffff404d158) at /home/tpopela/WebKit/Source/JavaScriptCore/jsc.cpp:2410
Mark Lam
Comment 3
2019-02-28 13:50:20 PST
If you're running with the CLoop, you might want to try again after r242193 (which is the fix for https://bugs.webkit.org/show_bug.cgi?id=195127) just in case this is related.
Tomas Popela
Comment 4
2019-02-28 14:11:50 PST
(In reply to Mark Lam from comment #3)
> If you're running with the CLoop, you might want to try again after r242193
> (which is the fix for https://bugs.webkit.org/show_bug.cgi?id=195127) just
> in case this is related.

Let me trigger it.
Tomas Popela
Comment 5
2019-03-01 04:21:23 PST
(In reply to Mark Lam from comment #3)
> If you're running with the CLoop, you might want to try again after r242193
> (which is the fix for https://bugs.webkit.org/show_bug.cgi?id=195127) just
> in case this is related.

Indeed fixed by r242193, thank you Mark!