Bug 231688 - REGRESSION (r283852): ASSERTION FAILED: (bytecodeIndex << checkpointShift) >> checkpointShift == bytecodeIndex
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: Other
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Tadeu Zagallo
URL:
Keywords: InRadar
Depends on:
Blocks: 229681
Reported: 2021-10-13 11:22 PDT by Ryan Haddad
Modified: 2021-10-18 12:25 PDT


Attachments
Patch (2.15 KB, patch)
2021-10-14 14:18 PDT, Tadeu Zagallo

Description Ryan Haddad 2021-10-13 11:22:55 PDT
Multiple wasm/function-tests/trap-* tests are asserting on debug JSC bots:

ASSERTION FAILED: (bytecodeIndex << checkpointShift) >> checkpointShift == bytecodeIndex
/Volumes/Data/worker/catalina-debug/build/Source/JavaScriptCore/bytecode/BytecodeIndex.h(94) : static uint32_t JSC::BytecodeIndex::pack(uint32_t, JSC::Checkpoint)
1   0x1057a2fd9 WTFCrash
2   0x1060e173b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x1059ff004 JSC::BytecodeIndex::pack(unsigned int, unsigned char)
4   0x1059feed6 JSC::BytecodeIndex::BytecodeIndex(unsigned int, unsigned char)
5   0x10596a272 JSC::BytecodeIndex::BytecodeIndex(unsigned int, unsigned char)
6   0x106454d12 JSC::CallSiteIndex::bytecodeIndex() const
7   0x106e1f52b JSC::CallFrame::bytecodeIndex() const
8   0x106e2e90f JSC::StackVisitor::readNonInlinedFrame(JSC::CallFrame*, JSC::CodeOrigin*)
9   0x106e2e218 JSC::StackVisitor::readFrame(JSC::CallFrame*)
10  0x106e2e0b9 JSC::StackVisitor::StackVisitor(JSC::CallFrame*, JSC::VM&)
11  0x106e2e4b5 JSC::StackVisitor::StackVisitor(JSC::CallFrame*, JSC::VM&)
12  0x106e252d8 void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned long, unsigned long)::$_6>(JSC::CallFrame*, JSC::VM&, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned long, unsigned long)::$_6 const&)
13  0x106e251a7 JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned long, unsigned long)
14  0x1072d8464 JSC::getStackTrace(JSC::JSGlobalObject*, JSC::VM&, JSC::JSObject*, bool)
15  0x1072db16e JSC::ErrorInstance::finishCreation(JSC::VM&, JSC::JSGlobalObject*, WTF::String const&, JSC::JSValue, WTF::String (*)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool)
16  0x10719dcd3 JSC::ErrorInstance::create(JSC::JSGlobalObject*, JSC::VM&, JSC::Structure*, WTF::String const&, JSC::JSValue, WTF::String (*)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, JSC::ErrorType, bool)
17  0x107a573cf JSC::createJSWebAssemblyRuntimeError(JSC::JSGlobalObject*, JSC::VM&, JSC::Wasm::ExceptionType)
18  0x1079df084 operationWasmToJSException
19  0x107a03727 slow_path_wasm_throw_exception
20  0x105e6a8a5 wasmLLIntPCRangeStart
21  0x5443cc656071
22  0x5443cc653dba
23  0x105e64570 llint_entry
24  0x105e40980 vmEntryToJavaScript
25  0x106e290fb JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
26  0x106e2b7f1 JSC::Interpreter::executeModuleProgram(JSC::JSModuleRecord*, JSC::ModuleProgramExecutable*, JSC::JSGlobalObject*, JSC::JSModuleEnvironment*, JSC::JSValue, JSC::JSValue)
27  0x1074ec95d JSC::JSModuleRecord::evaluate(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue)
28  0x10719be2e JSC::AbstractModuleRecord::evaluate(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue)
29  0x1074e60a9 JSC::JSModuleLoader::evaluateNonVirtual(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue)
30  0x1074e5fd6 JSC::JSModuleLoader::evaluate(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue)
31  0x107514750 JSC::moduleLoaderEvaluate(JSC::JSGlobalObject*, JSC::CallFrame*)
test_script_71485: line 2: 91042 Segmentation fault: 11  ( "$@" ../../../../.vm/JavaScriptCore.framework/Helpers/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --useFastTLSForWasmContext\=true --useFTLJIT\=true --useConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 --scribbleFreeCells\=true -m trap-load-shared.js )

https://build.webkit.org/#/builders/17/builds/1236/steps/jscore-test/logs/stdio

https://results.webkit.org/?suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&suite=javascriptcore-tests&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load-shared.js.wasm-eager&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load-shared.js.wasm-eager-jettison&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load-shared.js.wasm-no-cjit-yes-tls-context&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load.js.wasm-eager&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load.js.wasm-eager-jettison&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-load.js.wasm-no-cjit-yes-tls-context&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-store-2.js.wasm-eager&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-store-2.js.wasm-eager-jettison&test=wasm.yaml%2Fwasm%2Ffunction-tests%2Ftrap-store-2.js.wasm-no-cjit-yes-tls-context
Comment 1 Ryan Haddad 2021-10-13 11:25:51 PDT
I think this could be related to https://trac.webkit.org/changeset/283852/webkit
Comment 2 Radar WebKit Bug Importer 2021-10-13 11:26:05 PDT
<rdar://problem/84207898>
Comment 3 Tadeu Zagallo 2021-10-14 14:18:11 PDT
Created attachment 441280
Patch
Comment 4 Yusuke Suzuki 2021-10-14 14:39:25 PDT
Comment on attachment 441280
Patch

r=me
Comment 5 EWS 2021-10-14 16:15:23 PDT
Committed r284212 (243022@main): <https://commits.webkit.org/243022@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 441280.