[Webkit-unassigned] [Bug 143960] REGRESSION (r182899): icloud.com crashes

bugzilla-daemon at webkit.org
Tue Apr 21 10:14:28 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=143960

--- Comment #7 from Filip Pizlo <fpizlo at apple.com> ---
Comment on attachment 251211
  --> https://bugs.webkit.org/attachment.cgi?id=251211
Slow (but clean) patch

View in context: https://bugs.webkit.org/attachment.cgi?id=251211&action=review

It's surprising that this patch is a slow-down. :-/

> Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp:116
> -        case AllocationProfileWatchpoint:
> -            addLazily(m_node->castOperand<JSFunction*>()->allocationProfileWatchpointSet());
> +        case AllocationProfileWatchpoint: {
> +            InlineWatchpointSet* watchpointSet = m_node->castOperand<JSFunction*>()->allocationProfileWatchpointSet();
> +            // If we reach this point, the function's rare data was allocated when the AllocationProfileWatchpoint
> +            // was added to the graph. We never de-allocate the rare data, so it must still be present, and the
> +            // allocationProfileWatchpointSet with it.
> +            ASSERT (watchpointSet);
> +            addLazily(*watchpointSet);
>              break;
> +        }
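
Review bot: The null check in the AllocationProfileWatchpoint case is a plain ASSERT, which is compiled out of release builds, so if the invariant argued in the comment ever fails, addLazily(*watchpointSet) dereferences a null pointer in exactly the builds users run. Since the only thing backing the invariant is the comment, consider RELEASE_ASSERT(watchpointSet) or an explicit null check that skips the registration. Also drop the space in "ASSERT (watchpointSet);" so it matches the call style of the addLazily line below it.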

It would be better to remove the AllocationProfileWatchpoint node in this patch, and do the watchpoint set registration in ByteCodeParser.
