Bug 242615
| Summary: | REGRESSION (252288@main?): 10 wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js failing on JSC Debug bots | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Karl Rackler <rackler> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | webkit-bot-watchers-bugzilla, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Karl Rackler
The following JSC tests are failing on debug bots:
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-bbqb3
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-eager-jettison
stress/gc-invocation-with-transfer.js.ftl-no-cjit-validate-sampling-profiler
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-slow-memory
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-eager
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-no-tls-context
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-air
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.default-wasm
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-b3
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-no-cjit-yes-tls-context
https://build.webkit.org/#/builders/378/builds/1339
Crash Log:
ASSERTION FAILED: currentHeapSize >= m_sizeAfterLastCollect
heap/Heap.cpp(2364) : void JSC::Heap::updateAllocationLimits()
1 0x1154fde54 WTFCrash
2 0x115b103f0 JSC::IntlListFormat::initializeListFormat(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue)
3 0x1168ef928 JSC::Heap::updateAllocationLimits()
4 0x1168ee11c JSC::Heap::runEndPhase(JSC::GCConductor)
5 0x1168ec94c JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*)
6 0x11693db7c JSC::Heap::collectInMutatorThread()::$_0::operator()(JSC::CurrentThreadState&) const
7 0x11693db10 WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(void*, JSC::CurrentThreadState&)
8 0x116999670 void WTF::ScopedLambda<void (JSC::CurrentThreadState&)>::operator()<JSC::CurrentThreadState&>(JSC::CurrentThreadState&) const
9 0x1169995f4 JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&)
10 0x1168f1418 JSC::Heap::collectInMutatorThread()
11 0x1168f11dc JSC::Heap::stopIfNecessarySlow(unsigned int)
12 0x1168f0fc8 JSC::Heap::stopIfNecessarySlow()
13 0x1168ec178 JSC::Heap::stopIfNecessary()
14 0x1168e8e48 JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*)
15 0x1168e8b94 JSC::Heap::reportExtraMemoryAllocatedSlowCase(unsigned long)
16 0x116edddc8 JSC::Heap::reportExtraMemoryAllocated(unsigned long)
17 0x117130f74 JSC::JSArrayBufferView::ConstructionContext::ConstructionContext(JSC::VM&, JSC::Structure*, unsigned long, unsigned int, JSC::JSArrayBufferView::ConstructionContext::InitializationMode)
18 0x11713113c JSC::JSArrayBufferView::ConstructionContext::ConstructionContext(JSC::VM&, JSC::Structure*, unsigned long, unsigned int, JSC::JSArrayBufferView::ConstructionContext::InitializationMode)
19 0x116735c14 JSC::JSGenericTypedArrayView<JSC::Uint8Adaptor>::create(JSC::JSGlobalObject*, JSC::Structure*, unsigned long)
20 0x116676d94 JSC::JSObject* JSC::constructGenericTypedArrayViewWithArguments<JSC::JSGenericTypedArrayView<JSC::Uint8Adaptor> >(JSC::JSGlobalObject*, JSC::Structure*, long long, unsigned long, std::__1::optional<unsigned long>)
21 0x1172bf108 long long JSC::constructGenericTypedArrayViewImpl<JSC::JSGenericTypedArrayView<JSC::Uint8Adaptor> >(JSC::JSGlobalObject*, JSC::CallFrame*)
22 0x1172bebf0 JSC::constructUint8Array(JSC::JSGlobalObject*, JSC::CallFrame*)
23 0x11e6040f0
24 0x115b6c894 llint_entry
25 0x115b46340 vmEntryToJavaScript
26 0x116b503fc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
27 0x116b4fa14 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
28 0x116fe5908 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
29 0x102f97030 runWithOptions(GlobalObject*, CommandLine&, bool&)
30 0x102f4aac8 jscmain(int, char**)::$_12::operator()(JSC::VM&, GlobalObject*, bool&) const
31 0x102f15080 int runJSC<jscmain(int, char**)::$_12>(CommandLine const&, bool, jscmain(int, char**)::$_12 const&)
test_script_36349: line 2: 89561 Segmentation fault: 11 ( "$@" ../../.vm/JavaScriptCore.framework/Helpers/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --validateGraph\=true --validateBCE\=true --useSamplingProfiler\=true --airForceIRCAllocator\=true --useDataICInFTL\=true --forceUnlinkedDFG\=true --useFTLJIT\=true --useConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 --scribbleFreeCells\=true gc-invocation-with-transfer.js )
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/96850434>
Ryan Haddad
https://commits.webkit.org/252262@main looks like it could be related, it added the stress/gc-invocation-with-transfer.js test.
Yusuke Suzuki
Fixed in bug 242630
*** This bug has been marked as a duplicate of bug 242630 ***