Bug 133903 - Convert ASSERT in inlineFunctionForCapabilityLevel to early return
Summary: Convert ASSERT in inlineFunctionForCapabilityLevel to early return
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Michael Saboff
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-14 09:35 PDT by Michael Saboff
Modified: 2014-06-16 13:46 PDT

See Also:


Attachments
Patch (1.44 KB, patch)
2014-06-14 09:49 PDT, Michael Saboff
mhahnenberg: review+

Description Michael Saboff 2014-06-14 09:35:56 PDT
inlineFunctionForCapabilityLevel() begins with:
    if (isClosureCall) {
        ASSERT(kind == CodeForCall);
        return inlineFunctionForClosureCallCapabilityLevel(codeBlock);
    }

In some cases inlineFunctionForCapabilityLevel is called with isClosureCall true for CodeForConstruct. In release builds we'll do the wrong thing. Instead we should return CannotCompile.
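
The failure mode described above, as an added example that is not part of the bug report or WebKit's source: a simplified C++ model in which a debug-only assertion is the only guard, next to the early return the report proposes. `CodeBlockModel`, `levelFor`, `capabilityBeforeFix`, `capabilityAfterFix` and `ASSERT_DEBUG_ONLY` are hypothetical names, and the macro is defined empty to model a release build.

```cpp
// Added illustration: a simplified model, not JavaScriptCore source.
#include <cstdio>

// Models a release build, where a debug-only assertion expands to nothing.
#define ASSERT_DEBUG_ONLY(condition) ((void)0)

enum CodeSpecializationKind { CodeForCall, CodeForConstruct };
enum CapabilityLevel { CannotCompile, CanInline };

// Hypothetical stand-in for a code block: which inlining modes it supports.
struct CodeBlockModel {
    bool inlinableAsCall;
    bool inlinableAsClosureCall;
    bool inlinableAsConstruct;
};

static CapabilityLevel levelFor(bool inlinable)
{
    return inlinable ? CanInline : CannotCompile;
}

// Shape of the check before the fix: the assertion is the only guard.
CapabilityLevel capabilityBeforeFix(const CodeBlockModel& block, CodeSpecializationKind kind, bool isClosureCall)
{
    if (isClosureCall) {
        ASSERT_DEBUG_ONLY(kind == CodeForCall);
        return levelFor(block.inlinableAsClosureCall); // also reached for CodeForConstruct
    }
    return levelFor(kind == CodeForCall ? block.inlinableAsCall : block.inlinableAsConstruct);
}

// Shape of the check after the fix: the unexpected combination is refused in every build.
CapabilityLevel capabilityAfterFix(const CodeBlockModel& block, CodeSpecializationKind kind, bool isClosureCall)
{
    if (isClosureCall) {
        if (kind != CodeForCall)
            return CannotCompile;
        return levelFor(block.inlinableAsClosureCall);
    }
    return levelFor(kind == CodeForCall ? block.inlinableAsCall : block.inlinableAsConstruct);
}

int main()
{
    CodeBlockModel block = { true, true, false }; // constructed sample: not inlinable as a constructor
    std::printf("before fix: %d\n", capabilityBeforeFix(block, CodeForConstruct, true));
    std::printf("after fix:  %d\n", capabilityAfterFix(block, CodeForConstruct, true));
    return 0;
}
```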
Comment 1 Michael Saboff 2014-06-14 09:49:41 PDT
Created attachment 233109 [details]
Patch
Comment 2 Mark Hahnenberg 2014-06-16 09:37:37 PDT
Comment on attachment 233109 [details]
Patch

r=me
Comment 3 Michael Saboff 2014-06-16 09:41:29 PDT
Committed r170011: <http://trac.webkit.org/changeset/170011>
Comment 4 Geoffrey Garen 2014-06-16 11:54:36 PDT
Comment on attachment 233109 [details]
Patch

Seems like this should be pretty easy to test in a debug build. Can you add a test case?
Comment 5 Michael Saboff 2014-06-16 13:46:32 PDT
(In reply to comment #4)
> (From update of attachment 233109 [details])
> Seems like this should be pretty easy to test in a debug build. Can you add a test case?

I don't know about easy. In testing on a debug build, I hit this very infrequently, say ~20 minutes. I will look into writing a test that can reliably hit this case. Tracked in <https://bugs.webkit.org/show_bug.cgi?id=133950> - "Add test for case where inlineFunctionForCapabilityLevel() is called for a constructor and isClosureCall is true"