Bug 114774

Summary: Crash beneath JSC::JIT::privateCompileSlowCases @ stephenrdonaldson.com
Product: WebKit Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCoreAssignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch ggaren: review+

Mark Hahnenberg
Reported 2013-04-17 16:45:19 PDT
Looks like we're not linking up all of the slow cases in the baseline JIT. put_to_base is the culprit due to some weird mismatch in the switch statement logic of the normal case and the slow case.
Attachments
Patch (1.54 KB, patch)
2013-04-18 12:17 PDT, Mark Hahnenberg 		no flags
DetailsFormatted DiffDiff
Patch (4.36 KB, patch)
2013-04-18 15:42 PDT, Mark Hahnenberg 		ggaren: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2013-04-17 16:45:29 PDT
<rdar://problem/13445011>
Mark Hahnenberg
Comment 2 2013-04-18 12:17:28 PDT
Created attachment 198752 [details] Patch
Geoffrey Garen
Comment 3 2013-04-18 12:23:56 PDT
Comment on attachment 198752 [details] Patch Patch looks good, but it needs a regression test.
Mark Hahnenberg
Comment 4 2013-04-18 15:42:24 PDT
Created attachment 198776 [details] Patch
Geoffrey Garen
Comment 5 2013-04-18 15:43:52 PDT
Comment on attachment 198776 [details] Patch r=me
Mark Hahnenberg
Comment 6 2013-04-18 15:50:57 PDT
Committed r148711: <http://trac.webkit.org/changeset/148711>
Note You need to log in before you can comment on or make changes to this bug.