[Webkit-unassigned] [Bug 153704] New: [DFG] call-varargs-from-inlined-code-with-odd-number-of-arguments.js fails in POSIX environment if SamplingProfiler is enabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jan 30 03:59:50 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=153704

            Bug ID: 153704
           Summary: [DFG]
                    call-varargs-from-inlined-code-with-odd-number-of-argu
                    ments.js fails in POSIX environment if
                    SamplingProfiler is enabled
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: utatane.tea at gmail.com

I think the signaling patch itself does not have problems, and the DFG or something elsewhere has some problem...
I uploaded a very, very simple patch in https://bugs.webkit.org/show_bug.cgi?id=153584
It just emits a signal in ::suspend and does nothing in ::resume. The signal handler does nothing.
And SamplingProfiler just calls suspend and resume periodically.

Nothing special is done in the above testing patch. It just emits signals. The signal handler does nothing.

Even in the above situation, call-varargs-from-inlined-code-with-odd-number-of-arguments.js sometimes fails. So I think the situation is the following.

1. The signal handler is set with SA_RESTART. But some system calls do not restart. For example, sleep and usleep are such cases in UNIX. We need to fix this anyway (I'll open a bug for that).
2. So, somewhere, a sleep is interrupted.
3. As a result, a path that is rarely taken may be taken. For example, if you set some threshold time for invoking the DFG, it may not be executed in the usual test cases. But due to the interrupted sleep, it may be invoked.
4. And since this path has some issue, it causes the test failure; the result becomes NaN.

So I think there are some issues in the DFG, because when disabling the DFG (with env variables), the issue does not occur.
And when disabling the FTL, the issue occurs.

I opened 2 issues.

1. Making non-restarted syscalls signal-safe (like sleep) [https://bugs.webkit.org/show_bug.cgi?id=153703]
2. Tracking call-varargs-from-inlined-code-with-odd-number-of-arguments.js issue [this one]
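The mechanism behind point 1 of the report (a handler installed with SA_RESTART, yet a sleep still returns early) can be shown in a few lines of POSIX C. The program below is an added example written for this page, not code from the WebKit report or from JavaScriptCore: it installs a do-nothing handler with SA_RESTART, fires SIGALRM with setitimer while the process is inside nanosleep, and contrasts a naive single call (which comes back with EINTR regardless of SA_RESTART) with a wrapper that re-enters nanosleep with the remaining time until the full interval has elapsed. Function names such as naive_sleep_ms, safe_sleep_ms and the two demo_ functions, and the 100 ms / 400 ms / 500 ms timings, are choices made for this demo.

```c
/* Added example: SA_RESTART does not restart nanosleep(); a signal-safe
 * sleep must retry on EINTR itself. Not JavaScriptCore code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <time.h>

static volatile sig_atomic_t signals_seen = 0;

/* Handler that only counts, like the "does nothing" handler in the report. */
static void on_signal(int sig)
{
    (void)sig;
    signals_seen++;
}

/* Install the handler with SA_RESTART. Calls such as read() are restarted
 * transparently after the handler returns; nanosleep() is not. */
int install_restart_handler(int sig)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(sig, &sa, NULL);
}

/* Deliver SIGALRM to this process after delay_ms (0 disarms the timer). */
static int arm_timer_ms(long delay_ms)
{
    struct itimerval it;
    memset(&it, 0, sizeof it);
    it.it_value.tv_sec = delay_ms / 1000;
    it.it_value.tv_usec = (delay_ms % 1000) * 1000;
    return setitimer(ITIMER_REAL, &it, NULL);
}

static struct timespec ms_to_timespec(long ms)
{
    struct timespec ts;
    ts.tv_sec = ms / 1000;
    ts.tv_nsec = (ms % 1000) * 1000000L;
    return ts;
}

/* Naive sleep: one nanosleep call. Returns 0 if the whole interval elapsed,
 * otherwise errno (EINTR when a signal handler ran meanwhile). */
int naive_sleep_ms(long ms)
{
    struct timespec req = ms_to_timespec(ms);
    return nanosleep(&req, NULL) == -1 ? errno : 0;
}

/* Signal-safe sleep: nanosleep writes the unslept time back into req, so
 * loop until it completes. *retries counts the interruptions seen. */
int safe_sleep_ms(long ms, int *retries)
{
    struct timespec req = ms_to_timespec(ms);
    *retries = 0;
    while (nanosleep(&req, &req) == -1) {
        if (errno != EINTR)
            return errno;
        (*retries)++;
    }
    return 0;
}

/* Scenario 1: timer fires at 100 ms during a naive 500 ms sleep.
 * Returns the errno reported (expected: EINTR), or -1 on setup failure. */
int demo_naive_interrupted(void)
{
    if (install_restart_handler(SIGALRM) != 0 || arm_timer_ms(100) != 0)
        return -1;
    int err = naive_sleep_ms(500);
    arm_timer_ms(0);
    return err;
}

/* Scenario 2: same signal, safe wrapper around a 400 ms sleep.
 * Returns how many times the sleep was resumed (expected: 1), or -1. */
int demo_safe_retries(void)
{
    int retries = 0;
    if (install_restart_handler(SIGALRM) != 0 || arm_timer_ms(100) != 0)
        return -1;
    if (safe_sleep_ms(400, &retries) != 0)
        return -1;
    return retries;
}

int main(void)
{
    printf("naive sleep returned errno %d (EINTR is %d)\n",
           demo_naive_interrupted(), EINTR);
    printf("safe sleep completed after %d interruption(s), %d signal(s) seen\n",
           demo_safe_retries(), (int)signals_seen);
    return 0;
}
```

The same retry-on-EINTR pattern is what a signal-safe replacement for sleep or usleep needs; usleep itself offers no remaining-time output, which is why nanosleep (or clock_nanosleep with an absolute deadline) is the usual building block.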
