WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
133368
DFG::DCEPhase inserts into an insertion set in reverse, causing hilarious basic block corruption if you kill a lot of NewArrays
https://bugs.webkit.org/show_bug.cgi?id=133368
Summary
DFG::DCEPhase inserts into an insertion set in reverse, causing hilarious bas...
Filip Pizlo
Reported
2014-05-28 18:36:03 PDT
DFG::DCEPhase inserts into an insertion set in reverse, causing hilarious basic block corruption if you kill a lot of NewArrays
Attachments
Patch
(4.83 KB, patch)
2014-05-28 18:37 PDT
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
Patch
(4.82 KB, patch)
2014-05-28 18:43 PDT
,
Filip Pizlo
mark.lam
: review+
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Filip Pizlo
Comment 1
2014-05-28 18:37:41 PDT
Created
attachment 232226
[details]
Patch
Filip Pizlo
Comment 2
2014-05-28 18:43:37 PDT
Created
attachment 232227
[details]
Patch
Mark Lam
Comment 3
2014-05-29 08:01:16 PDT
Comment on
attachment 232227
[details]
Patch r=me
Filip Pizlo
Comment 4
2014-05-29 09:10:55 PDT
Landed in
http://trac.webkit.org/changeset/169447
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug