114774 – Crash beneath JSC::JIT::privateCompileSlowCases @ stephenrdonaldson.com

RESOLVED FIXED 114774

Crash beneath JSC::JIT::privateCompileSlowCases @ stephenrdonaldson.com

https://bugs.webkit.org/show_bug.cgi?id=114774

Summary Crash beneath JSC::JIT::privateCompileSlowCases @ stephenrdonaldson.com

Mark Hahnenberg

Reported 2013-04-17 16:45:19 PDT

Looks like we're not linking up all of the slow cases in the baseline JIT. put_to_base is the culprit due to some weird mismatch in the switch statement logic of the normal case and the slow case.

Attachments
Patch (1.54 KB, patch) 2013-04-18 12:17 PDT, Mark Hahnenberg	no flags	Details Formatted Diff Diff
Patch (4.36 KB, patch) 2013-04-18 15:42 PDT, Mark Hahnenberg	ggaren: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Mark Hahnenberg

Comment 1 2013-04-17 16:45:29 PDT

<rdar://problem/13445011>

Mark Hahnenberg

Comment 2 2013-04-18 12:17:28 PDT

Created attachment 198752 [details] Patch

Geoffrey Garen

Comment 3 2013-04-18 12:23:56 PDT

Comment on attachment 198752 [details] Patch Patch looks good, but it needs a regression test.

Mark Hahnenberg

Comment 4 2013-04-18 15:42:24 PDT

Created attachment 198776 [details] Patch

Geoffrey Garen

Comment 5 2013-04-18 15:43:52 PDT

Comment on attachment 198776 [details] Patch r=me

Mark Hahnenberg

Comment 6 2013-04-18 15:50:57 PDT

Committed r148711: <http://trac.webkit.org/changeset/148711>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Hahnenberg

Reported

2013-04-17 16:45 PDT

Modified

2013-04-18 15:50 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks