[Webkit-unassigned] [Bug 19098] SquirrelFish: Ref'd temporaries can be clobbered

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 16 03:03:16 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19098


oliver at apple.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mjs at apple.com,
                   |                            |ggaren at apple.com
            Summary|SquirrelFish: ForNode       |SquirrelFish: Ref'd
                   |codegen assertion on ebay   |temporaries can be clobbered




------- Comment #2 from oliver at apple.com  2008-05-16 03:03 PDT -------
Okay, it looks like we're clobbering temporary registers.
In the attached test case, ForNode refs the result of the statement at line
5020, but it then clobbers (by resetting it) the ref'd RegisterID when
PreIncResolveNode requests a new temporary:
#0  0x0031b996 in KJS::RegisterID::RegisterID (this=0xbfff5c00, index=1) at
RegisterID.h:52
#1  0x00336eb5 in WTF::Vector<KJS::RegisterID, 512ul>::append<unsigned long>
(this=0xbfff5be8, val=@0xbfff3f48) at Vector.h:731
#2  0x002d3830 in KJS::CodeGenerator::newTemporary (this=0xbfff4320) at
CodeGenerator.cpp:351
#3  0x002e3a58 in KJS::PreIncResolveNode::emitCode (this=0x608e10,
generator=@0xbfff4320, dst=0x0) at nodes.cpp:2350
#4  0x0033585d in KJS::CodeGenerator::emitNode (this=0xbfff4320, dst=0x0,
n=0x608e10) at CodeGenerator.h:142
#5  0x00335884 in KJS::CodeGenerator::emitNode (this=0xbfff4320, n=0x608e10) at
CodeGenerator.h:147
#6  0x002dca02 in KJS::ForNode::emitCode (this=0x609030, generator=@0xbfff4320,
dst=0x0) at nodes.cpp:5023
#7  0x0033585d in KJS::CodeGenerator::emitNode (this=0xbfff4320, dst=0x0,
n=0x609030) at CodeGenerator.h:142
#8  0x002d7754 in statementListEmitCode (statements=@0x6090e0,
generator=@0xbfff4320, dst=0x0) at nodes.cpp:4682
#9  0x002d779a in KJS::BlockNode::emitCode (this=0x6090d0,
generator=@0xbfff4320, dst=0x0) at nodes.cpp:4740
#10 0x0033585d in KJS::CodeGenerator::emitNode (this=0xbfff4320, dst=0x0,
n=0x6090d0) at CodeGenerator.h:142
#11 0x002d81f5 in KJS::WithNode::emitCode (this=0x6090f0,
generator=@0xbfff4320, dst=0x0) at nodes.cpp:5369
#12 0x0033585d in KJS::CodeGenerator::emitNode (this=0xbfff4320, dst=0x0,
n=0x6090f0) at CodeGenerator.h:142
#13 0x002d7754 in statementListEmitCode (statements=@0x609170,
generator=@0xbfff4320, dst=0x0) at nodes.cpp:4682
#14 0x002d8bbc in KJS::FunctionBodyNode::emitCode (this=0x609160,
generator=@0xbfff4320) at nodes.cpp:5812
#15 0x002daeee in KJS::CodeGenerator::generate (this=0xbfff4320) at
CodeGenerator.cpp:133
#16 0x00307456 in KJS::FunctionBodyNode::generateCode (this=0x609160,
sc=0x6059b0) at nodes.cpp:5804
#17 0x00376ae7 in KJS::FunctionBodyNode::code (this=0x609160,
scopeChain=0x6059b0) at nodes.h:3027
#18 0x00374651 in KJS::Machine::privateExecute (this=0x3c5960,
flag=KJS::Machine::Normal, exec=0xbffff3ac, registerFile=0x605990, r=0x609328,
scopeChain=0x6059b0, codeBlock=0x605540, exception=0xbffff438) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:1768
#19 0x00376374 in KJS::Machine::execute (this=0x3c5960, programNode=0x608c90,
exec=0x6059f0, scopeChain=0x6059b0, thisObj=0x20000,
registerFileStack=0x605838, exception=0xbffff438) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/VM/Machine.cpp:610
#20 0x00314386 in KJS::Interpreter::evaluate (exec=0x6059f0,
scopeChain=@0x605858, sourceURL=@0xbffff508, startingLineNumber=0,
source=@0xbffff4a8, thisValue=0x0) at interpreter.cpp:85
#21 0x00314451 in KJS::Interpreter::evaluate (exec=0x6059f0,
scopeChain=@0x605858, sourceURL=@0xbffff508, startingLineNumber=0,
code=@0xbffff518, thisV=0x0) at interpreter.cpp:60
#22 0x00002b0b in runWithScripts (fileNames=@0xbffff570, arguments=@0xbffff564,
prettyPrint=false, dump=true) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/API/../kjs/testkjs.cpp:299
#23 0x00002ce3 in kjsmain (argc=4, argv=0xbffff5e4) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/API/../kjs/testkjs.cpp:372
#24 0x00002d4d in main (argc=4, argv=0xbffff5e4) at
/Volumes/Data/git/WebKit/OpenSource/JavaScriptCore/API/../kjs/testkjs.cpp:260
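Added illustration, not WebKit's or SquirrelFish's own code: a constructed, hypothetical model of the invariant the comment above describes, where a temporary register that a node has ref'd must not be handed back out by newTemporary() while that ref is alive. The pool, the "clobbering" variant and the forNodeKeepsRefdTemporary helper are assumptions made for this example.

```cpp
#include <deque>

// Constructed model (not WebKit's code): a temporary register with a ref count.
// A node that needs a value across a child's code generation refs it; the
// allocator may only recycle a slot whose refCount has dropped to zero.
struct RegisterID {
    int index;
    int refCount;
};

struct TemporaryPool {
    // std::deque keeps element addresses stable across push_back, so a
    // RegisterID* held by a caller stays valid when later temporaries are added.
    std::deque<RegisterID> temporaries;

    // Defective variant, modelling "clobbers by resets": always recycles the
    // most recent temporary, even though a caller still holds a ref to it.
    RegisterID* newTemporaryClobbering() {
        if (!temporaries.empty()) {
            RegisterID& last = temporaries.back();
            last.refCount = 0;        // the holder's ref is silently discarded
            return &last;
        }
        temporaries.push_back({0, 0});
        return &temporaries.back();
    }

    // Corrected variant: recycle the last slot only if nobody refs it,
    // otherwise append a fresh index.
    RegisterID* newTemporary() {
        if (!temporaries.empty() && temporaries.back().refCount == 0)
            return &temporaries.back();
        temporaries.push_back({static_cast<int>(temporaries.size()), 0});
        return &temporaries.back();
    }
};

// Models the sequence in the report: a ForNode-like caller refs its statement
// result, then a child (the PreIncResolveNode) asks for its own temporary.
// Returns true when the child received a distinct register and the ref survived.
bool forNodeKeepsRefdTemporary(bool useFixedAllocator) {
    TemporaryPool pool;
    RegisterID* result = useFixedAllocator ? pool.newTemporary()
                                           : pool.newTemporaryClobbering();
    result->refCount++;               // ForNode refs the result it needs later
    RegisterID* childTemp = useFixedAllocator ? pool.newTemporary()
                                              : pool.newTemporaryClobbering();
    return childTemp != result && result->refCount == 1;
}
```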

