[Webkit-unassigned] [Bug 19580] REGRESSION (r34388-r34503): PGO-only crash in HTMLCollection::resetCollectionInfo (codegen issue?)
bugzilla-daemon at webkit.org
Wed Jul 2 10:34:19 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=19580
------- Comment #22 from aroben at apple.com 2008-07-02 10:34 PDT -------
I reverted the parts of r34432 that are relevant to HTMLFormCollection, and the
bug no longer occurs. Here's the disassembly from a PGO build with part of
r34432 reverted:
PassRefPtr<HTMLCollection> HTMLFormElement::elements()
{
00E09F20 push ebp
00E09F21 mov ebp,esp
00E09F23 sub esp,14h
00E09F26 push ebx
00E09F27 push esi
00E09F28 push edi
00E09F29 mov dword ptr [ebp-14h],ecx
return new HTMLFormCollection(this);
00E09F2C call WTF::TCMalloc_ThreadCache::GetCache (0D80790h)
00E09F31 push 20h
00E09F33 mov edi,eax
00E09F35 call WTF::ClassIndex (0DB72D0h)
00E09F3A movzx esi,byte ptr WebCore::CSSStyleSelector::s_styleNotYetAvailable+54h (1213628h)[eax]
00E09F41 mov eax,dword ptr WebCore::CSSStyleSelector::s_styleNotYetAvailable+1D4h (12137A8h)[esi*4]
00E09F48 pop ecx
00E09F49 lea ebx,[edi+esi*8+0Ch]
00E09F4D mov ecx,ebx
00E09F4F mov dword ptr [ebp-8],eax
00E09F52 call WTF::RefPtr<KJS::SourceElements>::operator! (0E18310h)
00E09F57 test al,al
00E09F59 jne 010A57DC
00E09F5F mov eax,dword ptr [ebp-8]
00E09F62 sub dword ptr [edi],eax
00E09F64 dec word ptr [ebx+4]
00E09F68 movzx eax,word ptr [ebx+4]
00E09F6C cmp ax,word ptr [ebx+6]
00E09F70 jb 010A5840
00E09F76 mov edi,dword ptr [ebx]
00E09F78 test edi,edi
00E09F7A mov eax,dword ptr [edi]
00E09F7C mov dword ptr [ebx],eax
00E09F7E je 010A582D
00E09F84 mov eax,dword ptr [ebp-14h]
00E09F87 test eax,eax
00E09F89 push ecx
00E09F8A mov dword ptr [esp],eax
00E09F8D je WebCore::HTMLFormElement::elements+72h (0E09F92h)
00E09F8F inc dword ptr [eax+4]
00E09F92 call WebCore::HTMLFormCollection::HTMLFormCollection (0E0E570h)
00E09F97 test eax,eax
00E09F99 mov ecx,dword ptr [ebp+8]
00E09F9C pop edi
00E09F9D pop esi
00E09F9E mov dword ptr [ecx],eax
00E09FA0 pop ebx
00E09FA1 je WebCore::HTMLFormElement::elements+86h (0E09FA6h)
00E09FA3 inc dword ptr [eax+4]
00E09FA6 mov eax,ecx
}
00E09FA8 leave
00E09FA9 ret 4
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.