[Webkit-unassigned] [Bug 79191] [JSC] The end atom of the marked block should be considered to decide if the cell is live
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Feb 26 19:58:00 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=79191
Filip Pizlo <fpizlo at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #128150|review? |review-
Flag| |
--- Comment #2 from Filip Pizlo <fpizlo at apple.com> 2012-02-26 19:58:00 PST ---
(From update of attachment 128150)
This feels strange. Either it is possible, due to the conservative nature of the stack scans, that we will see a pointer that passes the not-cell-middle test but is nonetheless beyond m_endAtom, or it isn't. If it is, this patch will make us crash in debug mode and do the right thing in release mode. If it is not possible, then this patch just adds noise.
So which is it? Can you justify why you've added code that results in assertion failures for the case that you're claiming to handle?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list