Bug 157933

Summary: The baseline JIT crashes when compiling "(1,1)/1"
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: JavaScriptCore Assignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, saam, sukolsak, ysuzuki
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description | Flags
patch | benjamin: review+
patch for landing | none
patch for landing | none

Oliver Hunt
Reported 2016-05-19 16:37:45 PDT
Super simple test case:
for(;;)(1,1)/1
It looks (from the back trace) like some places are correctly considering (1,1) as constant, but other places aren't. The net effect is that we assert/emit breakpoint in a case where we think we should have constant folded (or something)
--Oliver
Attachments
patch (2.34 KB, patch)
2016-05-23 15:02 PDT, Saam Barati
benjamin: review+
patch for landing (2.51 KB, patch)
2016-05-23 15:15 PDT, Saam Barati
no flags
patch for landing (2.51 KB, patch)
2016-05-23 15:16 PDT, Saam Barati
no flags
Saam Barati
Comment 1 2016-05-23 15:01:17 PDT
*** Bug 158000 has been marked as a duplicate of this bug. ***
Saam Barati
Comment 2 2016-05-23 15:02:26 PDT
Saam Barati
Comment 3 2016-05-23 15:15:25 PDT
Created attachment 279588 [details] patch for landing
Saam Barati
Comment 4 2016-05-23 15:16:21 PDT
Created attachment 279589 [details] patch for landing
WebKit Commit Bot
Comment 5 2016-05-23 15:45:34 PDT
Comment on attachment 279589 [details] patch for landing
Clearing flags on attachment: 279589
Committed r201301: <http://trac.webkit.org/changeset/201301>
WebKit Commit Bot
Comment 6 2016-05-23 15:45:39 PDT
All reviewed patches have been landed. Closing bug.