RESOLVED FIXED Bug 201986
JSTests/stress/ftl-put-by-id-setter-exception-interesting-live-state.js ftl-eager flavor fails intermittently. 
https://bugs.webkit.org/show_bug.cgi?id=201986
Summary JSTests/stress/ftl-put-by-id-setter-exception-interesting-live-state.js ftl-e...
Mark Lam
Reported 2019-09-19 09:20:12 PDT
This is how I reproduce this failure with a release build on trunk r250085: $ while true; do VM=WebKitBuild/Release && DYLD_FRAMEWORK_PATH=$VM $VM/jsc --airForceBriggsAllocator=true --forcePolyProto=true --thresholdForJITAfterWarmUp=10 --thresholdForJITSoon=10 --thresholdForOptimizeAfterWarmUp=20 --thresholdForOptimizeAfterLongWarmUp=20 --thresholdForOptimizeSoon=20 --thresholdForFTLOptimizeAfterWarmUp=20 --thresholdForFTLOptimizeSoon=20 --thresholdForOMGOptimizeAfterWarmUp=20 --thresholdForOMGOptimizeSoon=20 --maximumEvalCacheableSourceLength=150000 --useEagerCodeBlockJettisonTiming=true --collectContinuously=true --useGenerationalGC=false JSTests/stress/ftl-put-by-id-setter-exception-interesting-live-state.js; done When the test fails, it prints the following to stdout: Exception: Error42
Attachments
Patch (19.70 KB, patch)
2019-09-20 17:29 PDT, Tadeu Zagallo 		no flags
DetailsFormatted DiffDiff
Patch (20.61 KB, patch)
2019-09-20 18:55 PDT, Tadeu Zagallo 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2019-09-19 09:20:35 PDT
<rdar://problem/55521953>
Mark Lam
Comment 2 2019-09-19 09:23:49 PDT
I forgot to say that in order to make this issue reproduce more quickly, I kicked off a full WebKit build in the background (separate terminal window) to introduce some noise into the system.
Tadeu Zagallo
Comment 3 2019-09-20 17:29:32 PDT
Created attachment 379293 [details] Patch
Saam Barati
Comment 4 2019-09-20 17:43:23 PDT
Comment on attachment 379293 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379293&action=review r=me > Source/JavaScriptCore/bytecode/AccessCase.cpp:238 > +bool AccessCase::doesCalls(Vector<JSCell*>* cellsToMarkIfDoesCalls) const let's implement Yusuke's idea of listing all types() as a switch both in here and in forEachDependentCell, so in the future, when someone adds a new type, they'll get a compile error unless they implement the type in these functions. > Source/JavaScriptCore/bytecode/PropertyCondition.cpp:354 > bool PropertyCondition::isStillLive(VM& vm) const If this is no longer called, let's remove it > Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp:132 > + bool isValid = true; nit: let's call this isStillLive
Yusuke Suzuki
Comment 5 2019-09-20 17:44:50 PDT
r=me too, nice!
Tadeu Zagallo
Comment 6 2019-09-20 18:55:13 PDT
Created attachment 379301 [details] Patch
WebKit Commit Bot
Comment 7 2019-09-21 11:30:35 PDT
Comment on attachment 379301 [details] Patch Clearing flags on attachment: 379301 Committed r250184: <https://trac.webkit.org/changeset/250184>
WebKit Commit Bot
Comment 8 2019-09-21 11:30:37 PDT
All reviewed patches have been landed. Closing bug.
Tadeu Zagallo
Comment 9 2019-09-22 11:39:33 PDT
*** Bug 183266 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.