[Webkit-unassigned] [Bug 171786] New: REGRESSION(r216301): ChakraCore.yaml/ChakraCore/test/Strings/HTMLHelpers.js.default intermittently fails
bugzilla-daemon at webkit.org
Sat May 6 21:33:19 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=171786
Bug ID: 171786
Summary: REGRESSION(r216301): ChakraCore.yaml/ChakraCore/test/Strings/HTMLHelpers.js.default intermittently fails
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mark.lam at apple.com
After r216301, ChakraCore.yaml/ChakraCore/test/Strings/HTMLHelpers.js.default intermittently fails.
Here's how I reproduce the issue:
1. cd JSTests/ChakraCore/test/Strings
2. lldb jsc -- --useFunctionDotArguments\=true --maxPerThreadStackUsage\=1572864 --thresholdForJITAfterWarmUp\=10 --thresholdForJITSoon\=10 --thresholdForOptimizeAfterWarmUp\=20 --thresholdForOptimizeAfterLongWarmUp\=20 --thresholdForOptimizeSoon\=20 --thresholdForFTLOptimizeAfterWarmUp\=20 --thresholdForFTLOptimizeSoon\=20 --maximumEvalCacheableSourceLength\=150000 --useEagerCodeBlockJettisonTiming\=true ../jsc-lib.js HTMLHelpers.js
The stack trace:
(lldb) bt 15
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
frame #0: 0x0000000101499cb4 JavaScriptCore`::WTFCrash() at Assertions.cpp:292
* frame #1: 0x00000001005dce07 JavaScriptCore`::slow_path_throw_static_error(exec=0x00007fff5fbfb620, pc=0x00000001093f0780) at CommonSlowPaths.cpp:993
frame #2: 0x00003047ef803323
frame #3: 0x0000000100ff9e71 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:795
frame #4: 0x0000000100ff272e JavaScriptCore`vmEntryToJavaScript at LowLevelInterpreter64.asm:254
frame #5: 0x0000000100dc5d0e JavaScriptCore`JSC::JITCode::execute(this=0x00000001044ec898, vm=0x0000000109000000, protoCallFrame=0x00007fff5fbfb990) at JITCode.cpp:81
frame #6: 0x0000000100d71c41 JavaScriptCore`JSC::Interpreter::execute(this=0x00000001045f4040, eval=0x000000010977f8a0, callFrame=0x00007fff5fbfd150, thisValue=JSValue @ 0x00007fff5fbfbd40, scope=0x00000001097a4de0) at Interpreter.cpp:1223
frame #7: 0x0000000100d70594 JavaScriptCore`JSC::eval(callFrame=0x00007fff5fbfd150) at Interpreter.cpp:170
frame #8: 0x0000000100ddadc1 JavaScriptCore`::operationCallEval(exec=0x00007fff5fbfd1e0, execCallee=0x00007fff5fbfd150) at JITOperations.cpp:845
frame #9: 0x00003047ef821627
frame #10: 0x00003047ef8272dd
frame #11: 0x0000000100ff9df7 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:795
frame #12: 0x0000000100ff9e71 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:795
frame #13: 0x0000000100ff9e71 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:795
frame #14: 0x0000000100ff9e71 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:795
(lldb) up
frame #1: 0x00000001005dce07 JavaScriptCore`::slow_path_throw_static_error(exec=0x00007fff5fbfb620, pc=0x00000001093f0780) at CommonSlowPaths.cpp:993
990 {
991 BEGIN();
992 JSValue errorMessageValue = OP_C(1).jsValue();
-> 993 RELEASE_ASSERT(errorMessageValue.isString());
994 String errorMessage = asString(errorMessageValue)->value(exec);
995 ErrorType errorType = static_cast<ErrorType>(pc[2].u.unsignedValue);
996 THROW(createError(exec, errorType, errorMessage));
(lldb) p errorMessageValue
(JSC::JSValue) $0 = {
u = {
asInt64 = 10
ptr = 0x000000000000000a
asBits = (payload = 10, tag = 0)
}
}
i.e. errorMessageValue is undefined.
AFAICT, this issue only manifests if the DFG is enabled (FTL not required).
Needless to say, it also manifests on a release build.
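Added example, not part of the original report or of WebKit's code: a small decoder showing why the raw value 10 (0x0a) printed by lldb is `undefined` and cannot pass an isString() check. The tag constants are an assumption: they reproduce the 64-bit JSValue encoding JavaScriptCore used around 2017 (JSCJSValue.h) and do not appear on this page.

```cpp
#include <cstdint>
#include <cstdio>

// Assumed constants: JSC's JSVALUE64 encoding as of 2017, not taken from this page.
constexpr uint64_t TagTypeNumber   = 0xffff000000000000ull; // all set: int32; some set: double
constexpr uint64_t TagBitTypeOther = 0x2;
constexpr uint64_t TagBitBool      = 0x4;
constexpr uint64_t TagBitUndefined = 0x8;
constexpr uint64_t TagMask         = TagTypeNumber | TagBitTypeOther;
constexpr uint64_t ValueNull       = TagBitTypeOther;                   // 0x02
constexpr uint64_t ValueUndefined  = TagBitTypeOther | TagBitUndefined; // 0x0a
constexpr uint64_t ValueFalse      = TagBitTypeOther | TagBitBool;      // 0x06
constexpr uint64_t ValueTrue       = TagBitTypeOther | TagBitBool | 1;  // 0x07

enum class Kind { Empty, Cell, Int32, Double, Null, Undefined, Boolean, Other };

// Classify a raw 64-bit JSValue (the asInt64 field lldb prints).
Kind classify(uint64_t bits)
{
    if (!bits) return Kind::Empty;
    if ((bits & TagTypeNumber) == TagTypeNumber) return Kind::Int32;
    if (bits & TagTypeNumber) return Kind::Double;
    if (!(bits & TagMask)) return Kind::Cell; // heap pointer: no tag bits set
    if (bits == ValueUndefined) return Kind::Undefined;
    if (bits == ValueNull) return Kind::Null;
    if (bits == ValueFalse || bits == ValueTrue) return Kind::Boolean;
    return Kind::Other;
}

// A string is a heap cell, so only cell-shaped values can satisfy isString().
// Whether a given cell really is a string needs the cell's type, which raw bits do not carry.
bool couldBeString(uint64_t bits) { return classify(bits) == Kind::Cell; }

const char* kindName(Kind k)
{
    static const char* names[] = { "empty", "cell", "int32", "double",
                                   "null", "undefined", "boolean", "other" };
    return names[static_cast<int>(k)];
}

int main()
{
    // 0x0a is errorMessageValue from the lldb session; the rest are constructed samples.
    const uint64_t samples[] = { 0x0a, 0x000000010977f8a0ull, 0xffff000000000007ull, 0x02 };
    for (uint64_t bits : samples)
        std::printf("0x%016llx -> %-9s couldBeString=%d\n", (unsigned long long)bits,
                    kindName(classify(bits)), couldBeString(bits));
    return 0;
}
```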