| Summary: | LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame. | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Mark Lam <mark.lam> | ||||||||
| Component: | JavaScriptCore | Assignee: | Mark Lam <mark.lam> | ||||||||
| Status: | RESOLVED FIXED | ||||||||||
| Severity: | Normal | CC: | ews-watchlist, keith_miller, msaboff, saam, webkit-bug-importer | ||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||
| Version: | WebKit Nightly Build | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=192018 | ||||||||||
| Bug Depends on: | |||||||||||
| Bug Blocks: | 191594 | ||||||||||
| Attachments: |
|
||||||||||
|
Description
Mark Lam
2018-11-12 23:51:18 PST
Created attachment 354655 [details]
proposed patch.
Created attachment 354656 [details]
proposed patch.
Created attachment 354658 [details]
proposed patch.
Comment on attachment 354658 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=354658&action=review > Source/JavaScriptCore/ChangeLog:39 > + frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372 Can you also file a bug and assign it to me with a reproducible test case. calculatedClassName should not do anything effectful. So it’s wrong that it calls into JS r=me if you want to land this patch (In reply to Saam Barati from comment #4) > Can you also file a bug and assign it to me with a reproducible test case. > calculatedClassName should not do anything effectful. So it’s wrong that it > calls into JS I've filed https://bugs.webkit.org/show_bug.cgi?id=191594 to capture this issue. Thanks for the review. Landed in r238141: <http://trac.webkit.org/r238141>. |