Steps to reproduce: 1. Open www.progressive.com 2. Enter credentials (valid or not) 3. Click Log In. Results: a new page loads, which has a yellow bubble saying "You must have JavaScript enabled to log in". Expected results: successful login, or indication that credentials are incorrect.
This still happens as of r97440.
rdar://problem/10320207
I can still reproduce in r98510. Investigating...
Looks like this was caused by DFG intrinsic support not keeping the callee alive in the case of the function speculation being done with CheckFunction instead of CheckMethod. As a result, OSR thought that if the intrinsic body had a speculation failure, then the callee was no longer needed and could be set to Undefined. The old JIT would then fail to make the (non-intrinsic) call because the callee was Undefined. Patch on the way.
ah ha, this sounds like what i was seeing with search on apple.com -- (some String _object_).charAt(0) was failing due to function being undefined
Created attachment 112590 [details] the patch
This appears to be neutral enough. Benchmark report for SunSpider, V8, and Kraken. VMs tested: "TipOfTree" at /Volumes/Data/pizlo/tertiary/OpenSource/WebKitBuild/Release/jsc "FixIntrinsic" at /Volumes/Data/pizlo/secondary/OpenSource/WebKitBuild/Release/jsc Collected 30 samples per benchmark/VM, with 10 VM invocations per benchmark. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime() function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in milliseconds. TipOfTree FixIntrinsic SunSpider: 3d-cube 7.9076+-0.0279 ? 7.9364+-0.0283 ? 3d-morph 8.5858+-0.0787 ^ 8.4033+-0.0224 ^ definitely 1.0217x faster 3d-raytrace 8.2665+-0.0779 8.2392+-0.0530 access-binary-trees 1.6938+-0.0080 ? 1.7000+-0.0120 ? access-fannkuch 7.7814+-0.0293 ? 7.7880+-0.0421 ? access-nbody 4.5360+-0.0089 ? 4.5428+-0.0133 ? access-nsieve 3.1823+-0.0085 ? 3.2028+-0.0157 ? bitops-3bit-bits-in-byte 1.3132+-0.0051 ? 1.3253+-0.0098 ? bitops-bits-in-byte 5.2879+-0.0174 5.2765+-0.0131 bitops-bitwise-and 3.4455+-0.0338 3.4255+-0.0367 bitops-nsieve-bits 5.6557+-0.0220 ? 5.6672+-0.0289 ? controlflow-recursive 2.3333+-0.0080 ? 2.3408+-0.0110 ? crypto-aes 7.6466+-0.0657 ? 7.6529+-0.0503 ? crypto-md5 2.8665+-0.0088 ? 2.8719+-0.0139 ? crypto-sha1 2.6365+-0.0068 ? 2.6395+-0.0061 ? date-format-tofte 10.6221+-0.0892 10.6129+-0.0828 date-format-xparb 10.0401+-0.1399 ? 10.2030+-0.1278 ? might be 1.0162x slower math-cordic 7.8692+-0.1607 7.7656+-0.1735 might be 1.0133x faster math-partial-sums 10.6119+-0.0382 10.5947+-0.0216 math-spectral-norm 2.8884+-0.0094 2.8831+-0.0035 regexp-dna 13.4098+-0.1236 13.3586+-0.0969 string-base64 4.4306+-0.0160 ? 4.4345+-0.0180 ? string-fasta 7.1237+-0.0313 ? 7.1520+-0.0327 ? string-tagcloud 13.3123+-0.1002 13.2537+-0.0978 string-unpack-code 22.7898+-0.1135 22.7579+-0.1608 string-validate-input 5.6190+-0.0312 ? 5.6246+-0.0251 ? <arithmetic> * 6.9944+-0.0186 6.9866+-0.0160 <geometric> 5.6515+-0.0115 5.6507+-0.0108 <harmonic> 4.4652+-0.0076 ? 4.4720+-0.0094 ? TipOfTree FixIntrinsic V8: crypto 81.3615+-0.1320 81.2786+-0.1237 deltablue 198.7770+-1.1554 ? 198.8303+-0.8179 ? earley-boyer 112.6656+-0.4977 112.2430+-0.3937 raytrace 69.7731+-0.2614 ? 69.8014+-0.2044 ? regexp 123.2958+-0.2316 ! 123.9037+-0.2628 ! definitely 1.0049x slower richards 145.2994+-0.3315 ? 145.3566+-0.3675 ? splay 125.6378+-0.2950 ^ 125.0238+-0.2855 ^ definitely 1.0049x faster <arithmetic> 122.4015+-0.2623 122.3482+-0.1259 <geometric> * 116.2024+-0.2088 116.1417+-0.1064 <harmonic> 110.2616+-0.1835 110.2013+-0.1079 TipOfTree FixIntrinsic Kraken: ai-astar 820.2246+-6.7082 ! 835.1766+-0.7111 ! definitely 1.0182x slower audio-beat-detection 213.4186+-1.0287 213.0322+-0.8044 audio-dft 262.7048+-1.5377 ? 262.7931+-2.2951 ? audio-fft 132.9054+-0.2444 ? 133.2153+-0.3970 ? audio-oscillator 291.0922+-0.6166 ? 291.3314+-0.6625 ? imaging-darkroom 449.3549+-3.0024 ? 465.5893+-16.4302 ? might be 1.0361x slower imaging-desaturate 245.1788+-0.0914 ? 245.2064+-0.1010 ? imaging-gaussian-blur 621.4067+-0.4518 ? 622.2380+-1.1309 ? json-parse-financial 70.0677+-0.1335 ^ 69.6918+-0.1879 ^ definitely 1.0054x faster json-stringify-tinderbox 79.9185+-0.1917 ? 80.3397+-0.5611 ? stanford-crypto-aes 153.2659+-0.8925 ? 154.5920+-1.1308 ? stanford-crypto-ccm 116.0096+-0.4305 115.9553+-0.3849 stanford-crypto-pbkdf2 238.1033+-1.5732 236.7514+-1.7106 stanford-crypto-sha256-iterative 85.2398+-0.1548 ? 85.3327+-0.1286 ? <arithmetic> * 269.9208+-0.4461 ! 272.2318+-1.1298 ! definitely 1.0086x slower <geometric> 205.8856+-0.1998 ! 206.7182+-0.4525 ! definitely 1.0040x slower <harmonic> 161.9389+-0.1452 ? 162.1738+-0.2282 ? TipOfTree FixIntrinsic All benchmarks: <arithmetic> 102.5012+-0.1587 ! 103.1773+-0.3432 ! definitely 1.0066x slower <geometric> 25.8726+-0.0371 ? 25.8995+-0.0350 ? <harmonic> 7.8690+-0.0132 ? 7.8808+-0.0162 ? TipOfTree FixIntrinsic Geomean of preferred means: <scaled-result> 60.3113+-0.0906 ? 60.4493+-0.1033 ?
*** Bug 70682 has been marked as a duplicate of this bug. ***
http://trac.webkit.org/changeset/98517
*** Bug 69793 has been marked as a duplicate of this bug. ***