[Webkit-unassigned] [Bug 143960] REGRESSION (r182899): icloud.com crashes

bugzilla-daemon at webkit.org
Mon Apr 20 14:34:01 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=143960

--- Comment #2 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 251185
  --> https://bugs.webkit.org/attachment.cgi?id=251185
Possible patch, regression test forthcoming

View in context: https://bugs.webkit.org/attachment.cgi?id=251185&action=review

> Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp:113
> +        case AllocationProfileWatchpoint: {
> +            InlineWatchpointSet* watchpointSet = m_node->castOperand<JSFunction*>()->allocationProfileWatchpointSet();
> +            if (watchpointSet)
> +                addLazily(*watchpointSet);
>              break;
> +        }
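Review bot: The `if (watchpointSet)` guard in the `AllocationProfileWatchpoint` case turns a null `allocationProfileWatchpointSet()` into a silent skip: control falls through to `break` and the compiled code proceeds without the watchpoint it depends on, so a later invalidation would not be observed. Either the null case is impossible, in which case `ASSERT(watchpointSet)` before `addLazily(*watchpointSet)` documents the invariant and catches violations in debug builds, or it is possible, in which case the case should not silently continue but explicitly refuse to rely on the allocation profile (bail out of this optimization) so that no code is emitted under an unwatched assumption. A one-line comment stating which of the two holds would make the intent reviewable.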

If watchpointSet is null, the compiler will fail to add a necessary watchpoint, which means that we'll end up with incorrect code if the watchpoint fires.

Can we ASSERT that watchpointSet is not null instead of checking?

What guarantees that it will not be null?
