Bug 177215
| Summary: | [JSC] JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js is failing due to incorrect IC | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Caio Lima <ticaiolima> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | fpizlo, keith_miller, mark.lam, saam, ticaiolima, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Caio Lima
The problem is happening when an Inline Cache is created using a Structure that is collected by GC and a further Structure with a different shape is allocated at the same address. In that case, the IC code is invalid, but the Structure comparison will succeed and then the wrong offset is being used.
Steps to reproduce:
```run-jsc --count 500 JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js```
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Caio Lima
False alarm. The reason is a downstream Patch.