[Webkit-unassigned] [Bug 90728] REGRESSION(r118555): Assertion failure in JSC::DFG::AssemblyHelpers::decodedCodeMapFor on MathJax v2.0 sample
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Dec 17 15:32:46 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=90728
--- Comment #6 from Filip Pizlo <fpizlo at apple.com> 2012-12-17 15:35:03 PST ---
(In reply to comment #2)
> It seems DFGOSRExitCompiler assumes setJITCodeMap is always called, however when LLINT isn't enabled, and canBeOptimized() = true, the jitCodeMap is left null.
>
> #if ENABLE(DFG_JIT) || ENABLE(LLINT)
> if (canBeOptimized()
> #if ENABLE(LLINT)
> || true
> #endif
> ) {
> CompactJITCodeMap::Encoder jitCodeMapEncoder;
> for (unsigned bytecodeOffset = 0; bytecodeOffset < m_labels.size();
> ++bytecodeOffset) {
> if (m_labels[bytecodeOffset].isSet())
> jitCodeMapEncoder.append(bytecodeOffset,
> patchBuffer.offsetOf(m_labels[bytecodeOffset]));
> }
> m_codeBlock->setJITCodeMap(jitCodeMapEncoder.finish());
> }
>
> Filip?
How can canBeOptimized() == true lead to jitCodeMap being null in the above code?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list