[Webkit-unassigned] [Bug 66010] REGRESSION(r92670-r92744): WebKit crashes when opening Gmail

bugzilla-daemon at webkit.org
Tue Aug 16 10:38:45 PDT 2011


--- Comment #12 from Filip Pizlo <fpizlo at apple.com>  2011-08-16 10:38:45 PST ---
(In reply to comment #10)
> Is it not possible to write an automated regression test for this?

Sorry for not noting this in the ChangeLog, but there is no obvious automated regression test.  The bug arises out of misuse of a hidden "this" argument to constructor calls.  This is a synthetic notion introduced in our bytecode and our JITs - it is not exposed in the JavaScript language.

As well, the bug only happens when three different register allocators in the system (the bytecompiler's virtual register allocator, the DFG parser's virtual register allocator, and the DFG back-end's physical register allocator) all make exactly the "wrong" decision based on the input.  A test that would cause a failure just before this fix landed would be unlikely to continue to cause failures if even slight changes in register allocation were made subsequently.
