<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - REGRESSION (r182899): icloud.com crashes"
href="https://bugs.webkit.org/show_bug.cgi?id=143960#c2">Comment # 2</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - REGRESSION (r182899): icloud.com crashes"
href="https://bugs.webkit.org/show_bug.cgi?id=143960">bug 143960</a>
from <span class="vcard"><a class="email" href="mailto:ggaren@apple.com" title="Geoffrey Garen <ggaren@apple.com>"> <span class="fn">Geoffrey Garen</span></a>
</span></b>
<pre>Comment on <span class=""><a href="attachment.cgi?id=251185&action=diff" name="attach_251185" title="Possible patch, regression test forthcoming">attachment 251185</a> <a href="attachment.cgi?id=251185&action=edit" title="Possible patch, regression test forthcoming">[details]</a></span>
Possible patch, regression test forthcoming
View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=251185&action=review">https://bugs.webkit.org/attachment.cgi?id=251185&action=review</a>
<span class="quote">> Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp:113
> + case AllocationProfileWatchpoint: {
> + InlineWatchpointSet* watchpointSet = m_node->castOperand<JSFunction*>()->allocationProfileWatchpointSet();
> + if (watchpointSet)
> + addLazily(*watchpointSet);
> break;
> + }</span >
If watchpointSet is null, the compiler will fail to add a necessary watchpoint, which means that we'll end up with incorrect code if the watchpoint fires.
Can we ASSERT that watchpointSet is not null instead of checking?
What guarantees that it will not be null?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>