[Webkit-unassigned] [Bug 143960] REGRESSION (r182899): icloud.com crashes
bugzilla-daemon at webkit.org
Mon Apr 20 16:58:34 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=143960
--- Comment #4 from Geoffrey Garen <ggaren at apple.com> ---
> If the watchpointSet is null, it means there is no rare data and thus there
> shouldn't be an AllocationProfileWatchpoint for this node.
OK. Sounds like an ASSERT is appropriate, then.
> At least that was the case before I made the allocation profile clearing too
> aggressive when the .prototype is overwritten.
>
> This can only appear in the case of a singleton constructor whose prototype
> is overwritten after having been already constructed in the DFG, then
> constructed again, so no wonder the test cases did not catch this.
>
> I am writing a proper fix now.
Nice!