)]}' { "commit": "c532458e092841c97c6f7f66982e88cd596c0bd9", "tree": "03c6216d178e52265f300b4f35a237aac9ab7ffa", "parents": [ "2736dab879cdab4b038948c3188731679bb2a4ad" ], "author": { "name": "Alexander Markov", "email": "alexmarkov@google.com", "time": "Thu May 09 23:16:38 2019 +0000" }, "committer": { "name": "commit-bot@chromium.org", "email": "commit-bot@chromium.org", "time": "Thu May 09 23:16:38 2019 +0000" }, "message": "[vm/compiler] Fix for flaky crash in CallSpecializer::ReplaceWithInstanceOf\n\nThere were rare crashes\n\n../../runtime/vm/compiler/call_specializer.cc: 1393: error: expected: call-\u003eMatchesCoreName(Symbols::_simpleInstanceOf())\nversion\u003d2.3.0-edge.796ebc6069bde3a59475a9b45075f49e50b0cc34 (Thu May 9 09:38:28 2019 -0700) on \"linux_x64\"\nthread\u003d82540, isolate\u003dvm-service(0x558748c5d200)\n pc 0x000055874635dd6c fp 0x00007fa94dd3bf30 dart::Profiler::DumpStackTrace(void*)\n pc 0x0000558745f90332 fp 0x00007fa94dd3c010 dart::Assert::Fail(char const*, ...)\n pc 0x000055874653909b fp 0x00007fa94dd3c0a0 dart::CallSpecializer::ReplaceWithInstanceOf(dart::InstanceCallInstr*)\n pc 0x0000558746496ed6 fp 0x00007fa94dd3c0f0 dart::FlowGraphVisitor::VisitBlocks()\n\nwhen running\n\ntools/test.py --repeat 5000 -n dartkb-mixed-linux-debug-x64 language_2/null_test\n\nat the rate ~1-3 crashes per 30,000 test cases.\n\nThe problem is that in function\n\nbool InstanceCallInstr::MatchesCoreName(const String\u0026 name) {\n return function_name().raw() \u003d\u003d Library::PrivateCoreLibName(name).raw();\n}\n\n\u0027function_name().raw()\u0027 is evaluated before PrivateCoreLibName(name) is called\nand saved in a temporary (register). PrivateCoreLibName may trigger GC and\nrelocate objects. In such case, \u0027PrivateCoreLibName(name).raw()\u0027 results in a\nmoved object, which is compared to a stale object address.\n\nThis CL fixes InstanceCallInstr::MatchesCoreName and other similar places\nby introducing Library::IsPrivateCoreLibName, which is also a little bit more\nefficient as it avoids extra symbol table lookup.\n\nChange-Id: I4dc91c586b0c595a3e85d6da13b98fc2248fb8fd\nReviewed-on: https://dart-review.googlesource.com/c/sdk/+/102120\nCommit-Queue: Alexander Markov \u003calexmarkov@google.com\u003e\nReviewed-by: Aart Bik \u003cajcbik@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "05d30297a8ff0f95a67a41ad4dc06ec50c0666ab", "old_mode": 33188, "old_path": "runtime/vm/compiler/backend/il.cc", "new_id": "635c4be683a33ff443e8dcfd0beb07a279ad294d", "new_mode": 33188, "new_path": "runtime/vm/compiler/backend/il.cc" }, { "type": "modify", "old_id": "0a6df8f366307d8464d5bcb97fceecc116258fc8", "old_mode": 33188, "old_path": "runtime/vm/compiler/frontend/bytecode_flow_graph_builder.cc", "new_id": "61f37dfe5de5b53074ca916f90554482d07c3541", "new_mode": 33188, "new_path": "runtime/vm/compiler/frontend/bytecode_flow_graph_builder.cc" }, { "type": "modify", "old_id": "7fc93163b1a76d73065e1f0aa83f6ed232370a80", "old_mode": 33188, "old_path": "runtime/vm/object.cc", "new_id": "c42722815c989a3c673465f2bbe503189189846d", "new_mode": 33188, "new_path": "runtime/vm/object.cc" }, { "type": "modify", "old_id": "ab8e168a0e4aff5bb6de248fc5735c9563e06042", "old_mode": 33188, "old_path": "runtime/vm/object.h", "new_id": "fbf47ae4bdbbfa9b65f96df95324bfb3ad558e46", "new_mode": 33188, "new_path": "runtime/vm/object.h" } ] }