[Webkit-unassigned] [Bug 187961] New: Fix missing exception check discovered after r234128.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 24 10:03:42 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=187961
Bug ID: 187961
Summary: Fix missing exception check discovered after r234128.
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mark.lam at apple.com
See JSC errors on the bots after this revision, is it related?
sample output:
https://build.webkit.org/builders/Apple%20High%20Sierra%20Debug%20JSC%20%28Tests%29/builds/1302/steps/jscore-test/logs/stdio
ASSERTION FAILED: !m_needExceptionCheck
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: ./runtime/VM.cpp(1188) : void JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation &)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 1 0x10a780dc9 WTFCrash
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 2 0x10bc07fe9 JSC::VM::verifyExceptionCheckNeedIsSatisfied(unsigned int, JSC::ExceptionEventLocation&)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 3 0x10bbe1a1b JSC::ThrowScope::~ThrowScope()
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 4 0x10bbe1df5 JSC::ThrowScope::~ThrowScope()
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 5 0x10b9e91bf JSC::intlNumberOption(JSC::ExecState&, JSC::JSValue, JSC::PropertyName, unsigned int, unsigned int, unsigned int)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 6 0x10b9dc745 JSC::IntlNumberFormat::initializeNumberFormat(JSC::ExecState&, JSC::JSValue, JSC::JSValue)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 7 0x10b9e037b JSC::constructIntlNumberFormat(JSC::ExecState*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 8 0x4e2c6ec90cd
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 9 0x10a874d5f llint_entry
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 10 0x10a86c3d2 vmEntryToJavaScript
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 11 0x10b6c2f2a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 12 0x10b6c3503 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 13 0x10b95319a JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 14 0x10b92a315 JSC::arrayProtoFuncToLocaleString(JSC::ExecState*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 15 0x4e2c6ec9177
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 16 0x10a8749e6 llint_entry
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 17 0x10a86c3d2 vmEntryToJavaScript
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 18 0x10b6c2f2a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 19 0x10b6bdfb1 JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 20 0x10b6bc982 JSC::eval(JSC::ExecState*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 21 0x10b7adfc5 llint_slow_path_call_eval
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 22 0x10a875293 llint_entry
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 23 0x10a87496c llint_entry
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 24 0x10a8749e6 llint_entry
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 25 0x10a86c3d2 vmEntryToJavaScript
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 26 0x10b6c2f2a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 27 0x10b6c24d1 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 28 0x10b97b597 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 29 0x10a6bdd10 runWithOptions(GlobalObject*, CommandLine&, bool&)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 30 0x10a69567c jscmain(int, char**)::$_3::operator()(JSC::VM&, GlobalObject*, bool&) const
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: 31 0x10a67ce24 int runJSC<jscmain(int, char**)::$_3>(CommandLine, bool, jscmain(int, char**)::$_3 const&)
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: test_script_39150: line 2: 74689 Segmentation fault: 11 ( "$@" ../../../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --testTheFTL\=true --useFTLJIT\=true resources/standalone-pre.js array-string-recursion.js resources/standalone-post.js )
jsc-layout-tests.yaml/js/script-tests/array-string-recursion.js.layout: ERROR: Unexpected exit code: 139
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180724/75c4611c/attachment.html>
More information about the webkit-unassigned
mailing list