Bug 133903

Summary: Convert ASSERT in inlineFunctionForCapabilityLevel to early return
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
  Patch (flags: mhahnenberg: review+)

Description Michael Saboff 2014-06-14 09:35:56 PDT
inlineFunctionForCapabilityLevel() begins with:
    if (isClosureCall) {
        ASSERT(kind == CodeForCall);
        return inlineFunctionForClosureCallCapabilityLevel(codeBlock);
    }

In some cases inlineFunctionForCapabilityLevel is called with isClosureCall true for CodeForConstruct. In release builds we'll do the wrong thing. Instead we should return CannotCompile.
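Added illustration (not WebKit's code and not part of this bug report): a simplified model of the assert-only function beside the early-return form, showing why a release build takes the closure-call path for CodeForConstruct while a debug build would have crashed on the ASSERT. The enum names and values, the two helper stubs, and the debugBuild flag used to simulate ASSERT being compiled out are assumptions for the example, not JavaScriptCore's actual definitions.

```cpp
#include <iostream>

// Simplified stand-ins for JavaScriptCore's enums (assumed names and values,
// not the real definitions).
enum CodeSpecializationKind { CodeForCall, CodeForConstruct };
enum CapabilityLevel { CannotCompile, CanCompile, CanCompileAndInline };

// Records whether a debug-build ASSERT would have fired instead of aborting,
// so both build modes can be exercised in one process. A real ASSERT crashes
// in debug builds and compiles to nothing in release builds.
static bool g_assertionWouldFire = false;

static void modelAssert(bool condition, bool debugBuild)
{
    if (debugBuild && !condition)
        g_assertionWouldFire = true;
}

bool assertionWouldHaveFired() { return g_assertionWouldFire; }
void resetAssertionState() { g_assertionWouldFire = false; }

// Stand-ins for the two code paths the real function dispatches to (assumed
// return values; the point is only which path gets taken).
static CapabilityLevel inlineFunctionForClosureCallCapabilityLevel()
{
    return CanCompileAndInline;
}

static CapabilityLevel nonClosureCapabilityLevel(CodeSpecializationKind)
{
    return CanCompile;
}

// Before the fix: the ASSERT is the only guard. In a release build it is
// gone, so a closure call for CodeForConstruct silently takes the
// closure-call path and reports an inlinable level.
CapabilityLevel capabilityLevelAssertOnly(CodeSpecializationKind kind, bool isClosureCall, bool debugBuild)
{
    if (isClosureCall) {
        modelAssert(kind == CodeForCall, debugBuild);
        return inlineFunctionForClosureCallCapabilityLevel();
    }
    return nonClosureCapabilityLevel(kind);
}

// After the fix: the unexpected combination is handled explicitly with an
// early return of CannotCompile, so release and debug builds agree.
CapabilityLevel capabilityLevelEarlyReturn(CodeSpecializationKind kind, bool isClosureCall)
{
    if (isClosureCall) {
        if (kind != CodeForCall)
            return CannotCompile;
        return inlineFunctionForClosureCallCapabilityLevel();
    }
    return nonClosureCapabilityLevel(kind);
}

static const char* levelName(CapabilityLevel level)
{
    switch (level) {
    case CannotCompile: return "CannotCompile";
    case CanCompile: return "CanCompile";
    case CanCompileAndInline: return "CanCompileAndInline";
    }
    return "?";
}

int main()
{
    // Release build, closure call for a constructor: the assert-only version
    // returns an inlinable level it should not; the early-return version
    // refuses to compile it.
    std::cout << "assert-only, release: "
              << levelName(capabilityLevelAssertOnly(CodeForConstruct, true, false)) << "\n";
    std::cout << "early-return:         "
              << levelName(capabilityLevelEarlyReturn(CodeForConstruct, true)) << "\n";
    return 0;
}
```

The debugBuild parameter stands in for the NDEBUG distinction so that one binary can show both outcomes; in the real tree the ASSERT is a preprocessor-level no-op in release configurations, which is exactly why an explicit check with an early return is the robust form.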
Comment 1 Michael Saboff 2014-06-14 09:49:41 PDT
Created attachment 233109 [details]
Patch
Comment 2 Mark Hahnenberg 2014-06-16 09:37:37 PDT
Comment on attachment 233109 [details]
Patch

r=me
Comment 3 Michael Saboff 2014-06-16 09:41:29 PDT
Committed r170011: <http://trac.webkit.org/changeset/170011>
Comment 4 Geoffrey Garen 2014-06-16 11:54:36 PDT
Comment on attachment 233109 [details]
Patch

Seems like this should be pretty easy to test in a debug build. Can you add a test case?
Comment 5 Michael Saboff 2014-06-16 13:46:32 PDT
(In reply to comment #4)
> (From update of attachment 233109 [details])
> Seems like this should be pretty easy to test in a debug build. Can you add a test case?

I don't know about easy. In testing on a debug build, I hit this very infrequently, say ~20 minutes. I will look into writing a test that can reliably hit this case. Tracked in <https://bugs.webkit.org/show_bug.cgi?id=133950> - "Add test for case where inlineFunctionForCapabilityLevel() is called for a constructor and isClosureCall is true"