Bug 186630

Summary: REGRESSION(232741): Crash running ARES-6
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal CC: commit-queue, ews-watchlist, keith_miller, mark.lam, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (Flags: none)

Description Michael Saboff 2018-06-14 13:19:16 PDT
<rdar://problem/41102411>

Looks like we crash as we are DFG compiling a function running Babylon.

Process:               com.apple.WebKit.WebContent.Development [4233]
Code Type:             X86-64 (Native)
Responsible:           Safari [4226]
User ID:               501

Date/Time:             2018-06-13 14:36:11.293 -0700
Report Version:        12

Crashed Thread:        17  WTF::AutomaticThread

Exception Type:        EXC_BREAKPOINT (SIGTRAP)
Exception Codes:       0x0000000000000002, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Trace/BPT trap: 5
Termination Reason:    Namespace SIGNAL, Code 0x5
Terminating Process:   exc handler [4233]
…
Thread 17 Crashed:: WTF::AutomaticThread
0   com.apple.JavaScriptCore      	0x00000002bc0c63fa JSC::DFG::BasicBlock::replacePredecessor(JSC::DFG::BasicBlock*, JSC::DFG::BasicBlock*) + 58
1   com.apple.JavaScriptCore      	0x00000002bc14db5a JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge(JSC::DFG::BasicBlock*, JSC::DFG::BasicBlock**) + 218
2   com.apple.JavaScriptCore      	0x00000002bc14d99c JSC::DFG::CriticalEdgeBreakingPhase::run() + 668
3   com.apple.JavaScriptCore      	0x00000002bc143ae3 bool JSC::DFG::runPhase<JSC::DFG::CriticalEdgeBreakingPhase>(JSC::DFG::Graph&) + 115
4   com.apple.JavaScriptCore      	0x00000002bc2443f8 JSC::DFG::Plan::compileInThreadImpl() + 3624
5   com.apple.JavaScriptCore      	0x00000002bc242eb6 JSC::DFG::Plan::compileInThread(JSC::DFG::ThreadData*) + 646
6   com.apple.JavaScriptCore      	0x00000002bc34bacc JSC::DFG::Worklist::ThreadBody::work() + 300
7   com.apple.JavaScriptCore      	0x00000002bbdc3ec0 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 304
8   com.apple.JavaScriptCore      	0x00000002bbdf0312 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 194
9   com.apple.JavaScriptCore      	0x00000002bbbf8459 WTF::wtfThreadEntryPoint(void*) + 9
10  libsystem_pthread.dylib       	0x00007fff6c7fbb47 _pthread_body + 128
11  libsystem_pthread.dylib       	0x00007fff6c7fbac5 _pthread_start + 61
12  libsystem_pthread.dylib       	0x00007fff6c7fb6f1 thread_start + 13
Comment 1 Michael Saboff 2018-06-14 13:29:35 PDT
Created attachment 342757: Patch
Comment 2 Saam Barati 2018-06-14 13:34:05 PDT
Comment on attachment 342757: Patch

r=me
Comment 3 WebKit Commit Bot 2018-06-14 14:48:09 PDT
Comment on attachment 342757: Patch

Clearing flags on attachment: 342757

Committed r232856: <https://trac.webkit.org/changeset/232856>
Comment 4 WebKit Commit Bot 2018-06-14 14:48:11 PDT
All reviewed patches have been landed.  Closing bug.