RESOLVED FIXED 231688
REGRESSION (r283852): ASSERTION FAILED: (bytecodeIndex << checkpointShift) >> checkpointShift == bytecodeIndex 
https://bugs.webkit.org/show_bug.cgi?id=231688
Summary REGRESSION (r283852): ASSERTION FAILED: (bytecodeIndex << checkpointShift) >>...
Ryan Haddad
Reported 2021-10-13 11:22:55 PDT
Multiple wasm/function-tests/trap-* tests are asserting on debug JSC bots: ASSERTION FAILED: (bytecodeIndex << checkpointShift) >> checkpointShift == bytecodeIndex /Volumes/Data/worker/catalina-debug/build/Source/JavaScriptCore/bytecode/BytecodeIndex.h(94) : static uint32_t JSC::BytecodeIndex::pack(uint32_t, JSC::Checkpoint) 1 0x1057a2fd9 WTFCrash 2 0x1060e173b WTFCrashWithInfo(int, char const*, char const*, int) 3 0x1059ff004 JSC::BytecodeIndex::pack(unsigned int, unsigned char) 4 0x1059feed6 JSC::BytecodeIndex::BytecodeIndex(unsigned int, unsigned char) 5 0x10596a272 JSC::BytecodeIndex::BytecodeIndex(unsigned int, unsigned char) 6 0x106454d12 JSC::CallSiteIndex::bytecodeIndex() const 7 0x106e1f52b JSC::CallFrame::bytecodeIndex() const 8 0x106e2e90f JSC::StackVisitor::readNonInlinedFrame(JSC::CallFrame*, JSC::CodeOrigin*) 9 0x106e2e218 JSC::StackVisitor::readFrame(JSC::CallFrame*) 10 0x106e2e0b9 JSC::StackVisitor::StackVisitor(JSC::CallFrame*, JSC::VM&) 11 0x106e2e4b5 JSC::StackVisitor::StackVisitor(JSC::CallFrame*, JSC::VM&) 12 0x106e252d8 void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned long, unsigned long)::$_6>(JSC::CallFrame*, JSC::VM&, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned long, unsigned long)::$_6 const&) 13 0x106e251a7 JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned long, unsigned long) 14 0x1072d8464 JSC::getStackTrace(JSC::JSGlobalObject*, JSC::VM&, JSC::JSObject*, bool) 15 0x1072db16e JSC::ErrorInstance::finishCreation(JSC::VM&, JSC::JSGlobalObject*, WTF::String const&, JSC::JSValue, WTF::String (*)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) 16 0x10719dcd3 JSC::ErrorInstance::create(JSC::JSGlobalObject*, JSC::VM&, JSC::Structure*, WTF::String const&, JSC::JSValue, WTF::String (*)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, JSC::ErrorType, bool) 17 0x107a573cf JSC::createJSWebAssemblyRuntimeError(JSC::JSGlobalObject*, JSC::VM&, JSC::Wasm::ExceptionType) 18 0x1079df084 operationWasmToJSException 19 0x107a03727 slow_path_wasm_throw_exception 20 0x105e6a8a5 wasmLLIntPCRangeStart 21 0x5443cc656071 22 0x5443cc653dba 23 0x105e64570 llint_entry 24 0x105e40980 vmEntryToJavaScript 25 0x106e290fb JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) 26 0x106e2b7f1 JSC::Interpreter::executeModuleProgram(JSC::JSModuleRecord*, JSC::ModuleProgramExecutable*, JSC::JSGlobalObject*, JSC::JSModuleEnvironment*, JSC::JSValue, JSC::JSValue) 27 0x1074ec95d JSC::JSModuleRecord::evaluate(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue) 28 0x10719be2e JSC::AbstractModuleRecord::evaluate(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue) 29 0x1074e60a9 JSC::JSModuleLoader::evaluateNonVirtual(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue) 30 0x1074e5fd6 JSC::JSModuleLoader::evaluate(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue) 31 0x107514750 JSC::moduleLoaderEvaluate(JSC::JSGlobalObject*, JSC::CallFrame*) test_script_71485: line 2: 91042 Segmentation fault: 11 ( "$@" ../../../../.vm/JavaScriptCore.framework/Helpers/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --useFastTLSForWasmContext\=true --useFTLJIT\=true --useConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 --scribbleFreeCells\=true -m trap-load-shared.js ) https://build.webkit.org/#/builders/17/builds/1236/steps/jscore-test/logs/stdio https://results.webkit.org/?suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load-shared.js.wasm-eager&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load-shared.js.wasm-eager-jettison&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load-shared.js.wasm-no-cjit-yes-tls-context&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load.js.wasm-eager&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load.js.wasm-eager-jettison&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load.js.wasm-no-cjit-yes-tls-context&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-store-2.js.wasm-eager&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-store-2.js.wasm-eager-jettison&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-store-2.js.wasm-no-cjit-yes-tls-context
Attachments
Patch (2.15 KB, patch)
2021-10-14 14:18 PDT, Tadeu Zagallo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryan Haddad
Comment 1 2021-10-13 11:25:51 PDT
I think this could be related to https://trac.webkit.org/changeset/283852/webkit
Radar WebKit Bug Importer
Comment 2 2021-10-13 11:26:05 PDT
<rdar://problem/84207898>
Tadeu Zagallo
Comment 3 2021-10-14 14:18:11 PDT
Created attachment 441280 [details] Patch
Yusuke Suzuki
Comment 4 2021-10-14 14:39:25 PDT
Comment on attachment 441280 [details] Patch r=me
EWS
Comment 5 2021-10-14 16:15:23 PDT
Committed r284212 (243022@main): <https://commits.webkit.org/243022@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 441280 [details].
Note You need to log in before you can comment on or make changes to this bug.