RESOLVED CONFIGURATION CHANGED 119899
Link failure in DFG
https://bugs.webkit.org/show_bug.cgi?id=119899
Summary Link failure in DFG
Oliver Hunt
Reported 2013-08-16 10:23:16 PDT
x = 0;
function h() { if (x.y++) missing(); }
for (;;) try { h() } catch(e){}
Fails with this assertion:
1 0x10e556e30 WTFCrash
2 0x10e0cf13c JSC::X86Assembler::linkJump(JSC::AssemblerLabel, JSC::AssemblerLabel)
3 0x10e197129 JSC::AbstractMacroAssembler<JSC::X86Assembler>::Jump::linkTo(JSC::AbstractMacroAssembler<JSC::X86Assembler>::Label, JSC::AbstractMacroAssembler<JSC::X86Assembler>*) const
4 0x10e1e5c9c JSC::DFG::SpeculativeJIT::linkBranches()
5 0x10e1e5bdf JSC::DFG::SpeculativeJIT::compile()
6 0x10e191f94 JSC::DFG::JITCompiler::compileBody()
7 0x10e194134 JSC::DFG::JITCompiler::compileFunction()
8 0x10e1ca06b JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&)
9 0x10e1c9a46 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&)
10 0x10e2690fc JSC::DFG::Worklist::runThread()
11 0x10e2681f5 JSC::DFG::Worklist::threadFunction(void*)
12 0x10e59ced0 WTF::threadEntryPoint(void*)
13 0x10e59d878 WTF::wtfThreadEntryPoint(void*)
14 0x7fff8c0848a9 _pthread_body
15 0x7fff8c08473a _pthread_struct_init
16 0x7fff8c088fd9 thread_start
Attachments
proposal patch (4.42 KB, patch)
2013-09-06 16:29 PDT, Yi Shen
ggaren: review-
Radar WebKit Bug Importer
Comment 1 2013-08-16 10:23:39 PDT
Yi Shen
Comment 2 2013-09-06 16:29:48 PDT
Created attachment 210815: proposal patch
Geoffrey Garen
Comment 3 2013-11-07 14:26:16 PST
Oops! It looks like this patch has been unreviewed for a while. Neither the attached test case nor the original bug report crash in TOT, so I'll mark this r-. Is there still a reason to emit an explicit ForceOSRExit when we've detected a CFA contradiction?
Filip Pizlo
Comment 4 2013-11-07 15:19:49 PST
(In reply to comment #3)
> Oops! It looks like this patch has been unreviewed for a while.
>
> Neither the attached test case nor the original bug report crash in TOT, so I'll mark this r-. Is there still a reason to emit an explicit ForceOSRExit when we've detected a CFA contradiction?
No - I think it would actually be wrong to do it. We would lose assertion coverage and we would get worse profiling. The DFG is now very good at handling contradictions like this.