112676 2013-03-19 03:02:33 -0700 REGRESSION(r146089): It broke 20 sputnik tests on ARM traditional and Thumb2 2013-03-20 00:57:32 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED InRadar P1 Normal --- 108645 112376 1 ossy webkit-unassigned fpizlo ggaren ossy rgabor zherczeg oldest_to_newest 858099 0 ossy 2013-03-19 03:02:33 -0700 A change between r146057-r146163 broke 20 sputnik tests on ARM traditional, maybe on ARM Thumb2 too, who knows. See this page for details: http://build.webkit.sed.hu/results/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/r146163%20%288084%29/results.html I'm going to bisect the culprit revision. 858125 1 ossy 2013-03-19 03:48:36 -0700 The bug is already valid on r146100. 858180 2 ossy 2013-03-19 05:00:49 -0700 I got it, http://trac.webkit.org/changeset/146089 is the culprit or it simple unhid an ARM traditional DFG JIT bug. 858213 3 ossy 2013-03-19 06:22:48 -0700 I checked, this bug is valid on Thumb2 too (with an additional jsc test fail): - r146089: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/8089 - r146088: http://build.webkit.sed.hu/builders/ARMv7%20Linux%20Qt5%20Release%20%28Test%29/builds/8090 858220 4 ossy 2013-03-19 06:29:38 -0700 Hmmm, maybe it was already fixed by http://trac.webkit.org/changeset/146179. Let me check it. 858237 5 ossy 2013-03-19 06:53:38 -0700 (In reply to comment #4) > Hmmm, maybe it was already fixed by http://trac.webkit.org/changeset/146179. Let me check it. No, it wasn't fixed, the bug is still valid on r146200. 858372 6 ggaren 2013-03-19 09:50:47 -0700 <rdar://problem/13452502> 858663 7 fpizlo 2013-03-19 13:17:00 -0700 (In reply to comment #5) > (In reply to comment #4) > > Hmmm, maybe it was already fixed by http://trac.webkit.org/changeset/146179. Let me check it. > > No, it wasn't fixed, the bug is still valid on r146200. I cannot reproduce this on command-line in r146239. Ossy, can you check if the attached test case passes on jsc command line for you in ARMv7? Also, is ARMv7 on Qt using the ARMv7Assembler? 858665 8 193906 fpizlo 2013-03-19 13:17:20 -0700 Created attachment 193906 command-line test 858828 9 ossy 2013-03-19 15:54:45 -0700 (In reply to comment #8) > Created an attachment (id=193906) [details] > command-line test I have ARM traditional build now and this test fails with DFG JIT, but passes with disabled DFG JIT: $ ./jsc -f 1.js --useDFGJIT=false PASS TEST COMPLETE $ ./jsc -f 1.js FAIL SputnikError: #002.05833591723e-3126.3659873724e-314-002.397855243786e-312F TEST COMPLETE Let me check it on Thumb2 build too. 858838 10 ossy 2013-03-19 16:04:41 -0700 I got similar results with Thumb2 build: (on r146178) $ ./jsc -f 1.js --useDFGJIT=false PASS TEST COMPLETE buildbot@panda1:~/cute1/slaves/armReleaseTest/buildslave/arm-qt-linux-release- $ ./jsc -f 1.js FAIL SputnikError: #002.1219957905e-3142.1219957905e-314-002.1219957905e-314F TEST COMPLETE 858841 11 ossy 2013-03-19 16:08:44 -0700 (In reply to comment #7) > Also, is ARMv7 on Qt using the ARMv7Assembler? Our GCC's default is ARM, which uses ARMAssembler, but we can override it with -mthumb cflag and then ARMv7Assembler is used. I checked manually and this bug is valid with both of them. 858854 12 fpizlo 2013-03-19 16:19:39 -0700 (In reply to comment #11) > (In reply to comment #7) > > Also, is ARMv7 on Qt using the ARMv7Assembler? > > Our GCC's default is ARM, which uses ARMAssembler, but we can > override it with -mthumb cflag and then ARMv7Assembler is used. > I checked manually and this bug is valid with both of them. OK - this is super weird! This test passes fine for me. I think I found the issue though. Look at this code in DFGSpeculativeJIT.h: JITCompiler::Call callOperation(C_DFGOperation_EJ operation, GPRReg result, GPRReg arg1Tag, GPRReg arg1Payload) { m_jit.setupArgumentsWithExecState(arg1Payload, arg1Tag); return appendCallWithExceptionCheckSetResult(operation, result); } Can you try passing EABI_32BIT_DUMMY_ARG like so: m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag); And seeing if it passes? The DUMMY_ARG thing isn't necessary on our ABI but I think it is on yours. Sorry for this breakage! ABIs are hard! ;-) 858868 13 ossy 2013-03-19 16:46:39 -0700 (In reply to comment #12) > Can you try passing EABI_32BIT_DUMMY_ARG like so: > > m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag); > > And seeing if it passes? The DUMMY_ARG thing isn't necessary on our ABI but I think it is on yours. > > Sorry for this breakage! ABIs are hard! ;-) Yay, this command line test passes with this change. Many thanks for the fix. 858914 14 fpizlo 2013-03-19 17:49:08 -0700 (In reply to comment #13) > (In reply to comment #12) > > Can you try passing EABI_32BIT_DUMMY_ARG like so: > > > > m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag); > > > > And seeing if it passes? The DUMMY_ARG thing isn't necessary on our ABI but I think it is on yours. > > > > Sorry for this breakage! ABIs are hard! ;-) > > Yay, this command line test passes with this change. Many thanks for the fix. Can you land? 859130 15 ossy 2013-03-20 00:45:58 -0700 Fix landed in http://trac.webkit.org/changeset/146309. 859137 16 fpizlo 2013-03-20 00:57:32 -0700 (In reply to comment #15) > Fix landed in http://trac.webkit.org/changeset/146309. Thanks! :-) 193906 2013-03-19 13:17:20 -0700 2013-03-19 13:17:20 -0700 command-line test test.js application/x-javascript 3157 fpizlo ZnVuY3Rpb24gU3B1dG5pa0Vycm9yKG1lc3NhZ2UpCnsKICAgIHRoaXMubWVzc2FnZSA9IG1lc3Nh Z2U7Cn0KClNwdXRuaWtFcnJvci5wcm90b3R5cGUudG9TdHJpbmcgPSBmdW5jdGlvbiAoKQp7CiAg ICByZXR1cm4gJ1NwdXRuaWtFcnJvcjogJyArIHRoaXMubWVzc2FnZTsKfTsKCnZhciBzcHV0bmlr RXhjZXB0aW9uOwoKZnVuY3Rpb24gdGVzdFByaW50KG1zZykKewogICAgcHJpbnQobXNnKTsKfQoK ZnVuY3Rpb24gZXNjYXBlSFRNTCh0ZXh0KQp7CiAgICByZXR1cm4gdGV4dC50b1N0cmluZygpLnJl cGxhY2UoLyYvZywgIiZhbXA7IikucmVwbGFjZSgvPC9nLCAiJmx0OyIpOwp9CgpmdW5jdGlvbiBw cmludFRlc3RQYXNzZWQobXNnKQp7CiAgICB0ZXN0UHJpbnQoJzxzcGFuPjxzcGFuIGNsYXNzPSJw YXNzIj5QQVNTPC9zcGFuPiAnICsgZXNjYXBlSFRNTChtc2cpICsgJzwvc3Bhbj4nKTsKfQoKZnVu Y3Rpb24gcHJpbnRUZXN0RmFpbGVkKG1zZykKewogICAgdGVzdFByaW50KCc8c3Bhbj48c3BhbiBj bGFzcz0iZmFpbCI+RkFJTDwvc3Bhbj4gJyArIGVzY2FwZUhUTUwobXNnKSArICc8L3NwYW4+Jyk7 Cn0KCmZ1bmN0aW9uIHRlc3RGYWlsZWQobXNnKQp7CiAgICB0aHJvdyBuZXcgU3B1dG5pa0Vycm9y KG1zZyk7Cn0KCnZhciBzdWNjZXNzZnVsbHlQYXJzZWQgPSBmYWxzZTsKCnRyeSB7CgovKioKICog QG5hbWU6IFMxNS4xLjMuMV9BMi4yX1QxOwogKiBAc2VjdGlvbjogMTUuMS4zLjE7CiAqIEBhc3Nl cnRpb246IElmIEIxID0gMHh4eHh4eHh4IChbMHgwMCAtIDB4N0ZdKSwgd2l0aG91dCBbdXJpUmVz ZXJ2ZWQsICNdLCByZXR1cm4gQjE7CiAqIEBkZXNjcmlwdGlvbjogQ29tcGxleCB0ZXN0cywgdXNl IFJGQyAzNjI5OwoqLwoKZXJyb3JDb3VudCA9IDA7CmNvdW50ID0gMDsKdmFyIGluZGV4UDsKdmFy IGluZGV4TyA9IDA7CnVyaVJlc2VydmVkID0gWyI7IiwgIi8iLCAiPyIsICI6IiwgIkAiLCAiJiIs ICI9IiwgIisiLCAiJCIsICIsIl07Cmw6CmZvciAoaW5kZXhCMSA9IDB4MDA7IGluZGV4QjEgPD0g MHg3RjsgaW5kZXhCMSsrKSB7ICAgICAgIAogIGNvdW50Kys7CiAgdmFyIGhleEIxID0gZGVjaW1h bFRvSGV4U3RyaW5nKGluZGV4QjEpOyAgCiAgdmFyIGluZGV4ID0gaW5kZXhCMTsgIAogIHRyeSB7 CiAgICBoZXggPSBTdHJpbmcuZnJvbUNoYXJDb2RlKGluZGV4KTsKICAgIGZvciAoaW5kZXhDID0g MDsgaW5kZXhDIDwgdXJpUmVzZXJ2ZWQubGVuZ3RoOyBpbmRleEMrKykgeyAgICAKICAgICAgaWYg KGhleCA9PT0gdXJpUmVzZXJ2ZWRbaW5kZXhDXSkgY29udGludWUgbDsgICAgICAgIAogICAgfSAK ICAgIGlmIChoZXggPT09ICIjIikgY29udGludWUgbDsKICAgIGlmIChkZWNvZGVVUkkoIiUiICsg aGV4QjEuc3Vic3RyaW5nKDIpKSA9PT0gaGV4KSBjb250aW51ZTsKICB9IGNhdGNoIChlKSB7fSAg IAogIGlmIChpbmRleE8gPT09IDApIHsgCiAgICBpbmRleE8gPSBpbmRleDsKICB9IGVsc2Ugewog ICAgaWYgKChpbmRleCAtIGluZGV4UCkgIT09IDEpIHsgICAgICAgICAgICAgCiAgICAgIGlmICgo aW5kZXhQIC0gaW5kZXhPKSAhPT0gMCkgewogICAgICAgIHZhciBoZXhQID0gZGVjaW1hbFRvSGV4 U3RyaW5nKGluZGV4UCk7CiAgICAgICAgdmFyIGhleE8gPSBkZWNpbWFsVG9IZXhTdHJpbmcoaW5k ZXhPKTsKICAgICAgICB0ZXN0RmFpbGVkKCcjJyArIGhleE8gKyAnLScgKyBoZXhQICsgJyAnKTsK ICAgICAgfSAKICAgICAgZWxzZSB7CiAgICAgICAgdmFyIGhleFAgPSBkZWNpbWFsVG9IZXhTdHJp bmcoaW5kZXhQKTsKICAgICAgICB0ZXN0RmFpbGVkKCcjJyArIGhleFAgKyAnICcpOwogICAgICB9 ICAKICAgICAgaW5kZXhPID0gaW5kZXg7CiAgICB9ICAgICAgICAgCiAgfQogIGluZGV4UCA9IGlu ZGV4OwogIGVycm9yQ291bnQrKzsgICAgICAgICAKfQoKaWYgKGVycm9yQ291bnQgPiAwKSB7CiAg aWYgKChpbmRleFAgLSBpbmRleE8pICE9PSAwKSB7CiAgICB2YXIgaGV4UCA9IGRlY2ltYWxUb0hl eFN0cmluZyhpbmRleFApOwogICAgdmFyIGhleE8gPSBkZWNpbWFsVG9IZXhTdHJpbmcoaW5kZXhP KTsKICAgIHRlc3RGYWlsZWQoJyMnICsgaGV4TyArICctJyArIGhleFAgKyAnICcpOwogIH0gZWxz ZSB7CiAgICB2YXIgaGV4UCA9IGRlY2ltYWxUb0hleFN0cmluZyhpbmRleFApOwogICAgdGVzdEZh aWxlZCgnIycgKyBoZXhQICsgJyAnKTsKICB9ICAgICAKICB0ZXN0RmFpbGVkKCdUb3RhbCBlcnJv cjogJyArIGVycm9yQ291bnQgKyAnIGJhZCBVbmljb2RlIGNoYXJhY3RlciBpbiAnICsgY291bnQg KyAnICcpOwp9CgpmdW5jdGlvbiBkZWNpbWFsVG9IZXhTdHJpbmcobikgewogIG4gPSBOdW1iZXIo bik7CiAgdmFyIGggPSAiIjsKICBmb3IgKHZhciBpID0gMzsgaSA+PSAwOyBpLS0pIHsKICAgIGlm IChuID49IE1hdGgucG93KDE2LCBpKSkgewogICAgICB2YXIgdCA9IE1hdGguZmxvb3IobiAvIE1h dGgucG93KDE2LCBpKSk7CiAgICAgIG4gLT0gdCAqIE1hdGgucG93KDE2LCBpKTsKICAgICAgaWYg KCB0ID49IDEwICkgewogICAgICAgIGlmICggdCA9PSAxMCApIHsgaCArPSAiQSI7IH0KICAgICAg ICBpZiAoIHQgPT0gMTEgKSB7IGggKz0gIkIiOyB9CiAgICAgICAgaWYgKCB0ID09IDEyICkgeyBo ICs9ICJDIjsgfQogICAgICAgIGlmICggdCA9PSAxMyApIHsgaCArPSAiRCI7IH0KICAgICAgICBp ZiAoIHQgPT0gMTQgKSB7IGggKz0gIkUiOyB9CiAgICAgICAgaWYgKCB0ID09IDE1ICkgeyBoICs9 ICJGIjsgfQogICAgICB9IGVsc2UgewogICAgICAgIGggKz0gU3RyaW5nKHQpOwogICAgICB9CiAg ICB9IGVsc2UgewogICAgICBoICs9ICIwIjsKICAgIH0KICB9CiAgcmV0dXJuIGg7Cn0KCn0gY2F0 Y2ggKGV4KSB7CiAgICBzcHV0bmlrRXhjZXB0aW9uID0gZXg7Cn0KCnZhciBzdWNjZXNzZnVsbHlQ YXJzZWQgPSB0cnVlOwoKaWYgKCFzdWNjZXNzZnVsbHlQYXJzZWQpCiAgICBwcmludFRlc3RGYWls ZWQoJ3N1Y2Nlc3NmdWxseVBhcnNlZCBpcyBub3Qgc2V0Jyk7CmVsc2UgaWYgKHNwdXRuaWtFeGNl cHRpb24pCiAgICBwcmludFRlc3RGYWlsZWQoc3B1dG5pa0V4Y2VwdGlvbik7CmVsc2UKICAgIHBy aW50VGVzdFBhc3NlZCgiIik7CnRlc3RQcmludCgnPGJyIC8+PHNwYW4gY2xhc3M9InBhc3MiPlRF U1QgQ09NUExFVEU8L3NwYW4+Jyk7Cg==