[Webkit-unassigned] [Bug 66038] REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation: Matrix3D.invert)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 15 10:55:35 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66038
--- Comment #11 from Gavin Barraclough <barraclough at apple.com> 2011-08-15 10:55:34 PST ---
Hey Adam,
It would be very difficult to do so. The bug is triggered through interactions over multiple bytecode operations, including some that are not directly involved in the data flow since the problem is dependent on machine register allocator behavior.
It requires that an integer value is generated by code, spilled, filled, moved to a floating point register, that a unexpected callout from the speculative path occurs (using a silent spill), and that the value is then used again. Writing a test case that tripped over this would be tricky, and would be likely to be of extremely limited value since it would probably be short lived (any such test case would be hugely fragile to changes in register allocator behavior).
However we have hardened against this kind of bug in the future through Bug 66160, which adds asserts to catch such errors.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list