97496 – JSC: llint ASM should not reference ArrayProfile outside of VALUE_PROFILER check

Bug 97496 - JSC: llint ASM should not reference ArrayProfile outside of VALUE_PROFILER check

Summary: JSC: llint ASM should not reference ArrayProfile outside of VALUE_PROFILER check

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Lam

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-09-24 16:43 PDT by Mark Lam
Modified:	2012-09-24 16:53 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Fix. (1.94 KB, patch) 2012-09-24 16:50 PDT, Mark Lam	fpizlo: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Lam 2012-09-24 16:43:29 PDT

When jsc is built with ENABLE_JIT, ENABLE_LLINT, and !ENABLE_DFG_JIT, run-javascript-test is reporting 900+ regressions.  This is due to a crash in the llint where it is expecting to access an ArrayProfile record which has not been allocated.  This access should be guarded by "if VALUE_PROFILER" and hence should not have occurred.

Comment 1 Mark Lam 2012-09-24 16:50:19 PDT

Created attachment 165468 [details]
Fix.

Fixed as suggested by Filip.

Comment 2 Mark Lam 2012-09-24 16:53:40 PDT

Landed in http://trac.webkit.org/changeset/129428.