RESOLVED FIXED 118486
NaturalLoops + Profiler = Crash 
https://bugs.webkit.org/show_bug.cgi?id=118486
Summary NaturalLoops + Profiler = Crash
Mark Hahnenberg
Reported 2013-07-08 15:10:28 PDT
NaturalLoops::compute uses i instead of j in one of its internal loops. Should be a simple fix.
Attachments
the patch (4.38 KB, patch)
2013-07-08 22:03 PDT, Filip Pizlo 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2013-07-08 21:44:57 PDT
Looks like it's more complicated than I thought. Still crashes with this fix.
Filip Pizlo
Comment 2 2013-07-08 21:45:13 PDT
Added https://bugs.webkit.org/show_bug.cgi?id=118338 to the blocks list since SSA conversion needs Dominators and this bug looks like it might be Dominators-related.
Filip Pizlo
Comment 3 2013-07-08 21:58:24 PDT
Yeah I borked dominators. Lol. Patch on the way.
Filip Pizlo
Comment 4 2013-07-08 22:00:18 PDT
(In reply to comment #3) > Yeah I borked dominators. Lol. Patch on the way. See: http://trac.webkit.org/changeset/152431/branches/dfgFourthTier/Source/JavaScriptCore/dfg/DFGDominators.h Notice how I reversed "to" and "from".
Filip Pizlo
Comment 5 2013-07-08 22:03:22 PDT
Created attachment 206289 [details] the patch
Geoffrey Garen
Comment 6 2013-07-08 22:06:01 PDT
Comment on attachment 206289 [details] the patch r=me
Filip Pizlo
Comment 7 2013-07-08 22:09:43 PDT
Landed in http://trac.webkit.org/changeset/152481
Note You need to log in before you can comment on or make changes to this bug.