[Webkit-unassigned] [Bug 19580] REGRESSION (r34432): PGO-only crash in HTMLCollection::resetCollectionInfo (codegen issue?)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jul 2 14:33:50 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=19580
------- Comment #24 from 808caaa4.8ce9.9cd6c799e9f6 at gmail.com 2008-07-02 14:33 PDT -------
(In reply to comment #23)
*At least*, HTMLFormCollection::create() has same problem.
With r34813,
mov eax, [ebp+0Ch]
and dword ptr [ebp+0Ch], 0
push ecx ; PassRefPtr<>(form)
mov edi, ecx ; edi is fastMalloced space
mov [esp], eax
call ??0HTMLFormCollection at WebCore... ; ctor
Oh, HTMLFormCollection::this and form cannot be same.
I wonder if 1st push ecx isn't push esp, again.
// btw, almost all fastMalloc() is inlined (by LTCG) ... is it desired??
// It's pretty large, for each, and may affect mem cache, I feel.
// I haven't check which is finally faster, inlined or not inlined.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list