Bug 22451

Summary:

There should be a test for the JSC PIC bug that caused the ToT crasher over the weekend.

Product:

WebKit

Reporter:

Gavin Barraclough <barraclough>

Component:

JavaScriptCore

Assignee:

Gavin Barraclough <barraclough>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

Mac

OS:

OS X 10.5

Attachments:

Description	Flags
A test	eric: review+

Gavin Barraclough

Reported 2008-11-24 02:40:04 PST

The bug is caused by an access to a prototype chain being cached, that doesn't check for immediates before dereferencing the passed JSValue*. Write a test case to force a chained access to be cached, then pass it an immediate. Should probably also test the non-chained prototype accesses, at the same time.

Attachments
A test (2.63 KB, patch) 2008-11-24 03:00 PST, Gavin Barraclough	eric: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Gavin Barraclough

Comment 1 2008-11-24 03:00:36 PST

Created attachment 25421 [details] A test

Gavin Barraclough

Comment 2 2008-11-24 03:12:08 PST

Sending LayoutTests/ChangeLog Adding LayoutTests/fast/js/pic/cached-prototype-then-immediate-expected.txt Adding LayoutTests/fast/js/pic/cached-prototype-then-immediate.html Transmitting file data ... Committed revision 38703.

Eric Seidel (no email)

Comment 3 2008-11-25 17:52:45 PST

Comment on attachment 25421 [details] A test Silly bugzilla. Clearing review flag since this landed.

Note You need to log in before you can comment on or make changes to this bug.