RESOLVED FIXED 157933
The baseline JIT crashes when compiling "(1,1)/1" 
https://bugs.webkit.org/show_bug.cgi?id=157933
Summary The baseline JIT crashes when compiling "(1,1)/1"
Oliver Hunt
Reported 2016-05-19 16:37:45 PDT
Super simple test case: for(;;)(1,1)/1 It looks (from the back trace) like some places are correctly considering (1,1) as constant, but other places aren't. The net effect is that we assert/emit breakpoint in a case where we think we should have constant folded (or something) --Oliver
Attachments
patch (2.34 KB, patch)
2016-05-23 15:02 PDT, Saam Barati 		benjamin: review+
DetailsFormatted DiffDiff
patch for landing (2.51 KB, patch)
2016-05-23 15:15 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
patch for landing (2.51 KB, patch)
2016-05-23 15:16 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2016-05-23 15:01:17 PDT
*** Bug 158000 has been marked as a duplicate of this bug. ***
Saam Barati
Comment 2 2016-05-23 15:02:26 PDT
Created attachment 279587 [details] patch
Saam Barati
Comment 3 2016-05-23 15:15:25 PDT
Created attachment 279588 [details] patch for landing
Saam Barati
Comment 4 2016-05-23 15:16:21 PDT
Created attachment 279589 [details] patch for landing
WebKit Commit Bot
Comment 5 2016-05-23 15:45:34 PDT
Comment on attachment 279589 [details] patch for landing Clearing flags on attachment: 279589 Committed r201301: <http://trac.webkit.org/changeset/201301>
WebKit Commit Bot
Comment 6 2016-05-23 15:45:39 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.