[Webkit-unassigned] [Bug 121710] REGRESSION(r153215): New iCloud site crashes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 20 14:57:45 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=121710
--- Comment #3 from Oliver Hunt <oliver at apple.com> 2013-09-20 14:56:50 PST ---
If we bring back the assertion here:
for (m_indexInBlock = 0; m_indexInBlock < block.size(); ++m_indexInBlock) {
m_currentNode = block[m_indexInBlock];
// We may have his a contradiction that the CFA was aware of but that the JIT
// didn't cause directly.
if (!m_state.isValid()) {
RELEASE_ASSERT_NOT_REACHED(); <---
bail();
return;
}
We hit it, implying the CFA is deciding there's a contradiction:
--> capitalize#AzCeyu:<0x117848e70, bc#39, Call, known callee: Cell: 0x117c18430 (0x10a93f270: Function, NonArray), numArgs+this = 3, stack >= r12>
34: <!0:-> InlineStart(MustGen, bc#0)
35: skipped < 0:-> MovHint(@9<String>, r15(M~<String>), bc#1)
36: <!0:-> CheckStructure(Cell:@9<String>, MustGen|CanExit, struct(0x10a93d2f0: NonArray), bc#4)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list