RESOLVED FIXED Bug 198355
oss-fuzz: jsc: Issue 15016: jsc: Abrt in JSC::Wasm::AirIRGenerator::addLocal (15016)
https://bugs.webkit.org/show_bug.cgi?id=198355
Justin Michaud
Reported 2019-05-29 17:04:33 PDT
oss-fuzz: jsc: Issue 15016: jsc: Abrt in JSC::Wasm::AirIRGenerator::addLocal (15016)
Attachments
Patch (2.71 KB, patch)
2019-05-29 17:05 PDT, Justin Michaud
no flags
Patch (4.23 KB, patch)
2019-05-29 19:50 PDT, Justin Michaud
saam: review+
Patch (4.22 KB, patch)
2019-05-29 20:15 PDT, Justin Michaud
commit-queue: commit-queue-
Archive of layout-test-results from ews211 for win-future (13.86 MB, application/zip)
2019-05-30 00:05 PDT, EWS Watchlist
no flags
Patch (4.22 KB, patch)
2019-05-30 10:26 PDT, Justin Michaud
no flags
Justin Michaud
Comment 1 2019-05-29 17:05:53 PDT
Justin Michaud
Comment 2 2019-05-29 17:08:13 PDT
Yusuke Suzuki
Comment 3 2019-05-29 17:17:42 PDT
Comment on attachment 370900 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370900&action=review r=me > JSTests/wasm/references/is_null.js:18 > - .Function("h", { params: ["anyref"], ret: "anyref" }) > + .Function("h", { params: ["anyref"], ret: "anyref" }, ["anyref"]) > .GetLocal(0) > + .SetLocal(1) > + .GetLocal(1) > .End() Can we have a test that ensures anyref local is initialized with null?
Saam Barati
Comment 4 2019-05-29 18:24:55 PDT
Comment on attachment 370900 [details] Patch Aren't we missing this in WasmB3IRGenerator too?
Saam Barati
Comment 5 2019-05-29 18:26:35 PDT
Comment on attachment 370900 [details] Patch You need to change B3IRGenerator to also not emit zero for this local, and instead, jsNull().
Justin Michaud
Comment 6 2019-05-29 19:50:17 PDT
Saam Barati
Comment 7 2019-05-29 19:55:43 PDT
Comment on attachment 370911 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370911&action=review r=me > JSTests/wasm/references/is_null.js:62 > +assert.eq(instance.exports.local_read(), 1) This tests WasmB3IRGenerator because we sometimes run that as the lowest tier in our testing, right?
Saam Barati
Comment 8 2019-05-29 19:56:14 PDT
Comment on attachment 370911 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370911&action=review > Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:537 > + auto val = (type == Anyref ? JSValue::encode(jsNull()) : 0); style nit: no need for outer parens here.
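Review bot: in the `auto val = ...` line at WasmB3IRGenerator.cpp:537, the type of `val` is left to `auto` and so to whatever the two arms of the conditional convert to, namely the result of `JSValue::encode(jsNull())` and the int literal `0`. Declaring the type explicitly would state the intended width of the local's initial constant at the point of use and keep it from changing silently if either arm's type changes.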
Justin Michaud
Comment 9 2019-05-29 20:13:00 PDT
(In reply to Saam Barati from comment #7) > Comment on attachment 370911 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=370911&action=review > > r=me > > > JSTests/wasm/references/is_null.js:62 > > +assert.eq(instance.exports.local_read(), 1) > > This tests WasmB3IRGenerator because we sometimes run that as the lowest > tier in our testing, right? That is correct. I added a pass that runs it with wasmBBQUsesAir=0.
Justin Michaud
Comment 10 2019-05-29 20:15:15 PDT
EWS Watchlist
Comment 11 2019-05-30 00:05:08 PDT
Comment on attachment 370914 [details] Patch
Attachment 370914 [details] did not pass win-ews (win):
Output: https://webkit-queues.webkit.org/results/12325383
New failing tests:
imported/blink/fast/canvas/canvas-state-persistence-no-dirty.html
imported/blink/compositing/layer-creation/iframe-clip-removed.html
http/tests/misc/slow-loading-animated-image.html
storage/indexeddb/index-cursor.html
js/slow-stress/variadic-closure-call.html
EWS Watchlist
Comment 12 2019-05-30 00:05:11 PDT
Created attachment 370925 [details] Archive of layout-test-results from ews211 for win-future
The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews211
Port: win-future
Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit
Justin Michaud
Comment 13 2019-05-30 10:21:30 PDT
Comment on attachment 370914 [details] Patch Test failures look unrelated.
WebKit Commit Bot
Comment 14 2019-05-30 10:22:55 PDT
Comment on attachment 370914 [details] Patch
Rejecting attachment 370914 [details] from commit-queue.
Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-03', 'validate-changelog', '--check-oops', '--non-interactive', 370914, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit
ChangeLog entry in JSTests/ChangeLog contains OOPS!.
Full output: https://webkit-queues.webkit.org/results/12329376
Justin Michaud
Comment 15 2019-05-30 10:26:28 PDT
Created attachment 370950 [details] Patch ಠ_ಠ
WebKit Commit Bot
Comment 16 2019-05-30 11:06:15 PDT
Comment on attachment 370950 [details] Patch Clearing flags on attachment: 370950 Committed r245895: <https://trac.webkit.org/changeset/245895>
WebKit Commit Bot
Comment 17 2019-05-30 11:06:17 PDT
All reviewed patches have been landed. Closing bug.