Bug 114774

Summary: Crash beneath JSC::JIT::privateCompileSlowCases @ stephenrdonaldson.com
Product: WebKit Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCore Assignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description | Flags
Patch | none
Patch | ggaren: review+

Description Mark Hahnenberg 2013-04-17 16:45:19 PDT
Looks like we're not linking up all of the slow cases in the baseline JIT. put_to_base is the culprit due to some weird mismatch in the switch statement logic of the normal case and the slow case.
Comment 1 Mark Hahnenberg 2013-04-17 16:45:29 PDT
<rdar://problem/13445011>
Comment 2 Mark Hahnenberg 2013-04-18 12:17:28 PDT
Created attachment 198752
Patch
Comment 3 Geoffrey Garen 2013-04-18 12:23:56 PDT
Comment on attachment 198752
Patch

Patch looks good, but it needs a regression test.
Comment 4 Mark Hahnenberg 2013-04-18 15:42:24 PDT
Created attachment 198776
Patch
Comment 5 Geoffrey Garen 2013-04-18 15:43:52 PDT
Comment on attachment 198776
Patch

r=me
Comment 6 Mark Hahnenberg 2013-04-18 15:50:57 PDT
Committed r148711: <http://trac.webkit.org/changeset/148711>