Bug 118486

Summary: NaturalLoops + Profiler = Crash
Product: WebKit
Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: fpizlo
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 118338    
Attachments:
Description Flags
the patch ggaren: review+

Mark Hahnenberg
Reported 2013-07-08 15:10:28 PDT
NaturalLoops::compute uses i instead of j in one of its internal loops. Should be a simple fix.
Attachments
the patch (4.38 KB, patch)
2013-07-08 22:03 PDT, Filip Pizlo
ggaren: review+
Mark Hahnenberg
Comment 1 2013-07-08 21:44:57 PDT
Looks like it's more complicated than I thought. Still crashes with this fix.
Filip Pizlo
Comment 2 2013-07-08 21:45:13 PDT
Added https://bugs.webkit.org/show_bug.cgi?id=118338 to the blocks list since SSA conversion needs Dominators and this bug looks like it might be Dominators-related.
Filip Pizlo
Comment 3 2013-07-08 21:58:24 PDT
Yeah I borked dominators. Lol. Patch on the way.
Filip Pizlo
Comment 4 2013-07-08 22:00:18 PDT
(In reply to comment #3)
> Yeah I borked dominators. Lol. Patch on the way.

See: http://trac.webkit.org/changeset/152431/branches/dfgFourthTier/Source/JavaScriptCore/dfg/DFGDominators.h

Notice how I reversed "to" and "from".
Filip Pizlo
Comment 5 2013-07-08 22:03:22 PDT
Created attachment 206289
the patch
Geoffrey Garen
Comment 6 2013-07-08 22:06:01 PDT
Comment on attachment 206289
the patch

r=me
Filip Pizlo
Comment 7 2013-07-08 22:09:43 PDT