Bug 201986 - JSTests/stress/ftl-put-by-id-setter-exception-interesting-live-state.js ftl-eager flavor fails intermittently.
Summary: JSTests/stress/ftl-put-by-id-setter-exception-interesting-live-state.js ftl-e...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Tadeu Zagallo
URL:
Keywords: InRadar
: 183266 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-09-19 09:20 PDT by Mark Lam
Modified: 2019-09-22 11:39 PDT (History)
8 users (show)

See Also:

Attachments
Patch (19.70 KB, patch)
2019-09-20 17:29 PDT, Tadeu Zagallo 		no flags Details | Formatted Diff | Diff
Patch (20.61 KB, patch)
2019-09-20 18:55 PDT, Tadeu Zagallo 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Lam 2019-09-19 09:20:12 PDT 
This is how I reproduce this failure with a release build on trunk r250085:

$ while true; do VM=WebKitBuild/Release && DYLD_FRAMEWORK_PATH=$VM $VM/jsc --airForceBriggsAllocator=true --forcePolyProto=true --thresholdForJITAfterWarmUp=10 --thresholdForJITSoon=10 --thresholdForOptimizeAfterWarmUp=20 --thresholdForOptimizeAfterLongWarmUp=20 --thresholdForOptimizeSoon=20 --thresholdForFTLOptimizeAfterWarmUp=20 --thresholdForFTLOptimizeSoon=20 --thresholdForOMGOptimizeAfterWarmUp=20 --thresholdForOMGOptimizeSoon=20 --maximumEvalCacheableSourceLength=150000 --useEagerCodeBlockJettisonTiming=true --collectContinuously=true --useGenerationalGC=false JSTests/stress/ftl-put-by-id-setter-exception-interesting-live-state.js; done

When the test fails, it prints the following to stdout:
Exception: Error42
Comment 1 Radar WebKit Bug Importer 2019-09-19 09:20:35 PDT 
<rdar://problem/55521953>
Comment 2 Mark Lam 2019-09-19 09:23:49 PDT 
I forgot to say that in order to make this issue reproduce more quickly, I kicked off a full WebKit build in the background (separate terminal window) to introduce some noise into the system.
Comment 3 Tadeu Zagallo 2019-09-20 17:29:32 PDT 
Created attachment 379293 [details]
Patch
Comment 4 Saam Barati 2019-09-20 17:43:23 PDT 
Comment on attachment 379293 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=379293&action=review

r=me

> Source/JavaScriptCore/bytecode/AccessCase.cpp:238
> +bool AccessCase::doesCalls(Vector<JSCell*>* cellsToMarkIfDoesCalls) const

let's implement Yusuke's idea of listing all types() as a switch both in here and in forEachDependentCell, so in the future, when someone adds a new type, they'll get a compile error unless they implement the type in these functions.

> Source/JavaScriptCore/bytecode/PropertyCondition.cpp:354
>  bool PropertyCondition::isStillLive(VM& vm) const

If this is no longer called, let's remove it

> Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp:132
> +    bool isValid = true;

nit: let's call this isStillLive
Comment 5 Yusuke Suzuki 2019-09-20 17:44:50 PDT 
r=me too, nice!
Comment 6 Tadeu Zagallo 2019-09-20 18:55:13 PDT 
Created attachment 379301 [details]
Patch
Comment 7 WebKit Commit Bot 2019-09-21 11:30:35 PDT 
Comment on attachment 379301 [details]
Patch

Clearing flags on attachment: 379301

Committed r250184: <https://trac.webkit.org/changeset/250184>
Comment 8 WebKit Commit Bot 2019-09-21 11:30:37 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 9 Tadeu Zagallo 2019-09-22 11:39:33 PDT 
*** Bug 183266 has been marked as a duplicate of this bug. ***