Bug 181027

Summary: Inlining of a function that ends in op_unreachable crashes
Product: WebKit Reporter: Robin Morisset <rmorisset>
Component: JavaScriptCoreAssignee: Robin Morisset <rmorisset>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, ews-watchlist, fpizlo, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=183812
Attachments:
Description Flags
testcase
none
Patch none

Robin Morisset
Reported 2017-12-20 05:54:07 PST
Created attachment 329912 [details] testcase This is due to a recent change I made, under the assumption that all functions end in op_ret. The fix is very simple: allocate a new continuation block after the inlining if the inlined function did not give one through parsing an op_ret.
Attachments
testcase (163 bytes, application/x-javascript)
2017-12-20 05:54 PST, Robin Morisset 		no flags
Details
Patch (5.10 KB, patch)
2017-12-20 05:59 PST, Robin Morisset 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Robin Morisset
Comment 1 2017-12-20 05:59:56 PST
Created attachment 329914 [details] Patch
Robin Morisset
Comment 2 2017-12-20 06:48:04 PST
<rdar://problem/35764281>
WebKit Commit Bot
Comment 3 2018-01-03 09:35:40 PST
Comment on attachment 329914 [details] Patch Clearing flags on attachment: 329914 Committed r226362: <https://trac.webkit.org/changeset/226362>
WebKit Commit Bot
Comment 4 2018-01-03 09:35:41 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 5 2018-01-03 09:36:22 PST
<rdar://problem/36276776>
Note You need to log in before you can comment on or make changes to this bug.