RESOLVED FIXED 52643
[jsfunfuzz] Assertion in codegen for array of NaN constants
https://bugs.webkit.org/show_bug.cgi?id=52643
Summary [jsfunfuzz] Assertion in codegen for array of NaN constants
Oliver Hunt
Reported 2011-01-18 11:32:44 PST
This asserts when trying to cache values in the number pool tryItOut("/*p*/for (w in [(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0)]) { (eval = c); }") I've reduced it to: [(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0)(0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0), (0/0)] You can't seem to remove any of the elements, but you can add more elements to the end.
Attachments
Patch (4.31 KB, patch)
2011-01-18 12:52 PST, Oliver Hunt
koivisto: review+
Oliver Hunt
Comment 1 2011-01-18 12:52:48 PST
Oliver Hunt
Comment 2 2011-01-18 13:10:15 PST
Note You need to log in before you can comment on or make changes to this bug.