Bug 143962 - CRASH in operationCreateDirectArgumentsDuringExit()
Summary: CRASH in operationCreateDirectArgumentsDuringExit()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Filip Pizlo
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2015-04-20 13:20 PDT by Michael Saboff
Modified: 2015-04-25 01:32 PDT

See Also:


Attachments
work in progress (9.87 KB, patch)
2015-04-24 14:08 PDT, Filip Pizlo
no flags
the patch (11.50 KB, patch)
2015-04-24 14:26 PDT, Filip Pizlo
ggaren: review+

Description Michael Saboff 2015-04-20 13:20:51 PDT
Crash opening mail app on iCloud.com:

* thread #1: tid = 0x7d825, 0x00000001144fdb37, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, addre
Comment 1 Radar WebKit Bug Importer 2015-04-20 13:21:25 PDT
<rdar://problem/20621589>
Comment 2 Mark Lam 2015-04-22 14:58:11 PDT
<rdar://problem/20492150>
Comment 3 Filip Pizlo 2015-04-24 14:08:15 PDT
Created attachment 251572
work in progress

Roughly, I'm making it so that the OSR exit compiler tracks liveness of constant-like things.  This allows for a bunch of simplifications and should fix this bug.
Comment 4 Filip Pizlo 2015-04-24 14:26:20 PDT
Created attachment 251573
the patch
Comment 5 Geoffrey Garen 2015-04-24 15:05:27 PDT
Comment on attachment 251573
the patch

r=me
Comment 6 Filip Pizlo 2015-04-25 01:32:49 PDT
Landed in http://trac.webkit.org/changeset/183307