22451 – There should be a test for the JSC PIC bug that caused the ToT crasher over the weekend.

RESOLVED FIXED 22451

There should be a test for the JSC PIC bug that caused the ToT crasher over the weekend.

https://bugs.webkit.org/show_bug.cgi?id=22451

Summary There should be a test for the JSC PIC bug that caused the ToT crasher over t...

Gavin Barraclough

Reported 2008-11-24 02:40:04 PST

The bug is caused by an access to a prototype chain being cached, that doesn't check for immediates before dereferencing the passed JSValue*. Write a test case to force a chained access to be cached, then pass it an immediate. Should probably also test the non-chained prototype accesses, at the same time.

Attachments
A test (2.63 KB, patch) 2008-11-24 03:00 PST, Gavin Barraclough	eric: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Gavin Barraclough

Comment 1 2008-11-24 03:00:36 PST

Created attachment 25421 [details] A test

Gavin Barraclough

Comment 2 2008-11-24 03:12:08 PST

Sending LayoutTests/ChangeLog Adding LayoutTests/fast/js/pic/cached-prototype-then-immediate-expected.txt Adding LayoutTests/fast/js/pic/cached-prototype-then-immediate.html Transmitting file data ... Committed revision 38703.

Eric Seidel (no email)

Comment 3 2008-11-25 17:52:45 PST

Comment on attachment 25421 [details] A test Silly bugzilla. Clearing review flag since this landed.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Mac

OS OS X 10.5

Product WebKit

Component JavaScriptCore

Assignee

Gavin Barraclough

Reported

2008-11-24 02:40 PST

Modified

2008-11-25 17:52 PST History

CC List

0 users

URL

Keywords

Depends on

Blocks