Bug 143962

Summary: CRASH in operationCreateDirectArgumentsDuringExit()
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, benjamin, ggaren, mark.lam, mhahnenb, mmirman, msaboff, nrotem, oliver, saam, sam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description: work in progress; Flags: none
Description: the patch; Flags: ggaren: review+

Description Michael Saboff 2015-04-20 13:20:51 PDT
Crash opening mail app on iCloud.com:

* thread #1: tid = 0x7d825, 0x00000001144fdb37, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, addre
Comment 1 Radar WebKit Bug Importer 2015-04-20 13:21:25 PDT
<rdar://problem/20621589>
Comment 2 Mark Lam 2015-04-22 14:58:11 PDT
<rdar://problem/20492150>
Comment 3 Filip Pizlo 2015-04-24 14:08:15 PDT
Created attachment 251572
work in progress

Roughly, I'm making it so that the OSR exit compiler tracks liveness of constant-like things.  This allows for a bunch of simplifications and should fix this bug.
Comment 4 Filip Pizlo 2015-04-24 14:26:20 PDT
Created attachment 251573
the patch
Comment 5 Geoffrey Garen 2015-04-24 15:05:27 PDT
Comment on attachment 251573
the patch

r=me
Comment 6 Filip Pizlo 2015-04-25 01:32:49 PDT
Landed in http://trac.webkit.org/changeset/183307