119349 – DFG doesn't account for inlining of functions with switch statements that haven't been executed by the baseline JIT

RESOLVED FIXED 119349

DFG doesn't account for inlining of functions with switch statements that haven't been executed by the baseline JIT

https://bugs.webkit.org/show_bug.cgi?id=119349

Summary DFG doesn't account for inlining of functions with switch statements that hav...

Mark Hahnenberg

Reported 2013-07-31 12:50:09 PDT

The baseline JIT is currently responsible for resizing the ctiOffsets Vector for SimpleJumpTables to be equal to the size of the branchOffsets Vector. If the DFG chooses to inline a function that has never been compiled by the baseline JIT then this resizing never happens and we crash at link time in the DFG. We can fix this by doing the resize in the DFG as well to catch this case.

Attachments
Patch (4.43 KB, patch) 2013-07-31 12:52 PDT, Mark Hahnenberg	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Hahnenberg

Comment 1 2013-07-31 12:52:58 PDT

Created attachment 207873 [details] Patch

Radar WebKit Bug Importer

Comment 2 2013-07-31 12:53:45 PDT

<rdar://problem/14608744>

Geoffrey Garen

Comment 3 2013-07-31 13:12:13 PDT

Comment on attachment 207873 [details] Patch r=me

Mark Hahnenberg

Comment 4 2013-07-31 13:23:10 PDT

Committed r153540: <http://trac.webkit.org/changeset/153540>

Brent Fulgham

Comment 5 2022-02-12 20:01:32 PST

*** Bug 119224 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Hahnenberg

Reported

2013-07-31 12:50 PDT

Modified

2022-02-12 20:01 PST History

CC List

2 users Show

URL

Keywords InRadar

Duplicates (1)

119224 View as bug list

Depends on

Blocks