177215 – [JSC] JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js is failing due to incorrect IC

RESOLVED INVALID 177215

[JSC] JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js is failing due to incorrect IC

https://bugs.webkit.org/show_bug.cgi?id=177215

Summary [JSC] JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js is failing due ...

Caio Lima

Reported 2017-09-19 18:41:26 PDT

The problem is happening when an Inline Cache is created using a Structure that is collected by GC and a further Structure with a different shape is allocated at the same address. In that case, the IC code is invalid, but the Structure comparison will succeed and then the wrong offset is being used. Steps to reproduce: ```run-jsc --count 500 JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js```

Attachments
Add attachment proposed patch, testcase, etc.

Caio Lima

Comment 1 2017-09-22 11:57:47 PDT

False alarm. The reason is a downstream Patch.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2017-09-19 18:41 PDT

Modified

2017-09-22 11:57 PDT History

CC List

6 users Show

URL

Keywords

Depends on

Blocks