[Webkit-unassigned] [Bug 28294] Devirtualise marking
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 18 06:07:10 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=28294
Gabor Loki <loki at inf.u-szeged.hu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |loki at inf.u-szeged.hu
--- Comment #4 from Gabor Loki <loki at inf.u-szeged.hu> 2009-08-18 06:07:09 PDT ---
It looks like this patch breaks the ARM JIT port at r47269 with ENABLE_YARR=1
ENABLE_YARR_JIT=1 ENABLE_JIT=1 WTF_USE_JSVALUE32=1.
There is a regression at JavaScriptCore/tests/mozilla/ecma/Array/15.4.4.4-1.js
.
The GDB backtrace says:
#0 JSC::JSValue::isGetterSetter (this=0x4007ea4c) at
JavaScriptCore/runtime/JSCell.h:186
#1 callDefaultValueFunction (exec=0x426a004c, object=0x428b2660,
propertyName=@0x2e4320) at JavaScriptCore/runtime/JSObject.cpp:218
#2 JSC::JSObject::defaultValue (this=0x428b2660, exec=0x426a004c,
hint=JSC::NoPreference) at JavaScriptCore/runtime/JSObject.cpp:245
#3 JSC::JSObject::toPrimitive (this=0x428b2660, exec=0x426a004c,
preferredType=JSC::NoPreference)
at JavaScriptCore/runtime/JSObject.h:538
#4 JSC::JSValue::toPrimitive (this=0x4007eae8, exec=0x426a004c,
preferredType=JSC::NoPreference)
at JavaScriptCore/runtime/JSCell.h:261
#5 cti_op_to_primitive (args=0x4007eb04) at
JavaScriptCore/jit/JITStubs.cpp:2786
#6 ctiTrampoline ()
Do you have any hint or thought how to fix it?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list