[Webkit-unassigned] [Bug 189703] New: ASSERTION FAILED: Unsafe branch over register allocation at instruction offset 270 in jump offset range 270..305

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 18 11:02:55 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=189703

            Bug ID: 189703
           Summary: ASSERTION FAILED: Unsafe branch over register
                    allocation at instruction offset 270 in jump offset
                    range 270..305
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: realdawei at apple.com

Debug JSC has an assertion failure on the following test:
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager


sample output:
https://build.webkit.org/builders/Apple%20High%20Sierra%20Debug%20JSC%20%28Tests%29/builds/1509/steps/jscore-test/logs/stdio


ASSERTION FAILED: Unsafe branch over register allocation at instruction offset 270 in jump offset range 270..305
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: !(low <= m_offset && m_offset <= high)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: /Volumes/Data/slave/highsierra-debug/build/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h(818) : void JSC::AbstractMacroAssembler<JSC::X86Assembler>::RegisterAllocationOffset::checkOffsets(unsigned int, unsigned int) [AssemblerType = JSC::X86Assembler]
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 1   0x102db92c9 WTFCrash
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: ASSERTION FAILED: Unsafe branch over register allocation at instruction offset 276 in jump offset range 276..323
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: !(low <= m_offset && m_offset <= high)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: /Volumes/Data/slave/highsierra-debug/build/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h(818) : void JSC::AbstractMacroAssembler<JSC::X86Assembler>::RegisterAllocationOffset::checkOffsets(unsigned int, unsigned int) [AssemblerType = JSC::X86Assembler]
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 2   0x102f60c2d JSC::AbstractMacroAssembler<JSC::X86Assembler>::RegisterAllocationOffset::checkOffsets(unsigned int, unsigned int)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 1   0x102db92c9 WTFCrash
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 3   0x102f609cf JSC::AbstractMacroAssembler<JSC::X86Assembler>::checkRegisterAllocationAgainstBranchRange(unsigned int, unsigned int)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 2   0x102f60c2d JSC::AbstractMacroAssembler<JSC::X86Assembler>::RegisterAllocationOffset::checkOffsets(unsigned int, unsigned int)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 4   0x102eb1a2c JSC::AbstractMacroAssembler<JSC::X86Assembler>::Jump::link(JSC::AbstractMacroAssembler<JSC::X86Assembler>*) const
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 3   0x102f609cf JSC::AbstractMacroAssembler<JSC::X86Assembler>::checkRegisterAllocationAgainstBranchRange(unsigned int, unsigned int)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 5   0x1030deea9 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 4   0x102eb1a2c JSC::AbstractMacroAssembler<JSC::X86Assembler>::Jump::link(JSC::AbstractMacroAssembler<JSC::X86Assembler>*) const
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 6   0x102ec1890 JSC::DFG::SpeculativeJIT::compileCurrentBlock()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 5   0x1030deea9 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 7   0x102ec3315 JSC::DFG::SpeculativeJIT::compile()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 6   0x102ec1890 JSC::DFG::SpeculativeJIT::compileCurrentBlock()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 8   0x103a1be57 JSC::DFG::JITCompiler::compileBody()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 7   0x102ec3315 JSC::DFG::SpeculativeJIT::compile()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 9   0x103a207a5 JSC::DFG::JITCompiler::compileFunction()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 8   0x103a1be57 JSC::DFG::JITCompiler::compileBody()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 10  0x103b5225a JSC::DFG::Plan::compileInThreadImpl()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 9   0x103a207a5 JSC::DFG::JITCompiler::compileFunction()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 11  0x103b4f852 JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 10  0x103b5225a JSC::DFG::Plan::compileInThreadImpl()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 12  0x103c05436 JSC::DFG::Worklist::ThreadBody::work()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 11  0x103b4f852 JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 13  0x102dcee9f WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 12  0x103c05436 JSC::DFG::Worklist::ThreadBody::work()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 14  0x102dcea89 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 13  0x102dcee9f WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 15  0x102de052d WTF::Function<void ()>::operator()() const
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 14  0x102dcea89 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call()
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 16  0x102e6a9b3 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 15  0x102de052d WTF::Function<void ()>::operator()() const
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 17  0x102e709b5 WTF::wtfThreadEntryPoint(void*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 16  0x102e6a9b3 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 18  0x7fff6eb48661 _pthread_body
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 17  0x102e709b5 WTF::wtfThreadEntryPoint(void*)
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 19  0x7fff6eb4850d _pthread_body
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 18  0x7fff6eb48661 _pthread_body
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 20  0x7fff6eb47bf9 thread_start
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 19  0x7fff6eb4850d _pthread_body
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: 20  0x7fff6eb47bf9 thread_start
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: test_script_44127: line 2: 80592 Segmentation fault: 11  ( "$@" ../../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --useIntlPluralRules\=true --useTypeProfiler\=true --useFTLJIT\=true --thresholdForJITAfterWarmUp\=10 --thresholdForJITSoon\=10 --thresholdForOptimizeAfterWarmUp\=20 --thresholdForOptimizeAfterLongWarmUp\=20 --thresholdForOptimizeSoon\=20 --thresholdForFTLOptimizeAfterWarmUp\=20 --thresholdForFTLOptimizeSoon\=20 --maximumEvalCacheableSourceLength\=150000 --useEagerCodeBlockJettisonTiming\=true type-profiler-gc.js )
typeProfiler.yaml/typeProfiler/type-profiler-gc.js.ftl-type-profiler-ftl-eager: ERROR: Unexpected exit code: 139

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180918/801ae0dd/attachment-0001.html>

More information about the webkit-unassigned mailing list