177215 – [JSC] JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js is failing due to incorrect IC

Bug 177215 - [JSC] JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js is failing due to incorrect IC

Summary: [JSC] JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js is failing due ...

Status:	RESOLVED INVALID

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-09-19 18:41 PDT by Caio Lima
Modified:	2017-09-22 11:57 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Caio Lima 2017-09-19 18:41:26 PDT

The problem is happening when an Inline Cache is created using a Structure that is collected by GC and a further Structure with a different shape is allocated at the same address. In that case, the IC code is invalid, but the Structure comparison will succeed and then the wrong offset is being used.

Steps to reproduce:

```run-jsc --count 500 JSTests/stress/ftl-put-by-id-slow-exception-no-catch.js```

Comment 1 Caio Lima 2017-09-22 11:57:47 PDT

False alarm. The reason is a downstream Patch.