RESOLVED FIXED 152909
FTL B3 allocateCell() should not crash 
https://bugs.webkit.org/show_bug.cgi?id=152909
Summary FTL B3 allocateCell() should not crash
Filip Pizlo
Reported 2016-01-08 11:23:56 PST
And it shouldn't use undef, that's dumb.
Attachments
the patch (1.66 KB, patch)
2016-01-08 11:25 PST, Filip Pizlo 		mark.lam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2016-01-08 11:25:54 PST
Created attachment 268559 [details] the patch
Mark Lam
Comment 2 2016-01-08 11:28:50 PST
Comment on attachment 268559 [details] the patch r=me
Filip Pizlo
Comment 3 2016-01-08 11:38:31 PST
Here's the new list of failures after this change: ** The following JSC stress test failures have been introduced: jsc-layout-tests.yaml/js/script-tests/dfg-constant-fold-misprediction.js.layout-ftl-eager-no-cjit regress/script-tests/call-spread-apply.js.ftl-no-cjit-no-inline-validate regress/script-tests/call-spread-call.js.ftl-no-cjit-no-inline-validate regress/script-tests/getter-richards-try-catch.js.default-ftl regress/script-tests/getter-richards-try-catch.js.ftl-no-cjit-validate regress/script-tests/richards-try-catch.js.default-ftl regress/script-tests/richards-try-catch.js.ftl-eager regress/script-tests/richards-try-catch.js.ftl-eager-no-cjit regress/script-tests/richards-try-catch.js.ftl-no-cjit-no-put-stack-validate regress/script-tests/richards-try-catch.js.ftl-no-cjit-validate regress/script-tests/varargs-strict-mode.js.ftl-no-cjit-no-inline-validate stress/ftl-try-catch-patchpoint-with-volatile-registers.js.default-ftl stress/ftl-try-catch-patchpoint-with-volatile-registers.js.ftl-eager-no-cjit stress/ftl-try-catch-patchpoint-with-volatile-registers.js.ftl-no-cjit-no-inline-validate stress/ftl-try-catch-patchpoint-with-volatile-registers.js.ftl-no-cjit-no-put-stack-validate stress/ftl-try-catch-patchpoint-with-volatile-registers.js.ftl-no-cjit-validate stress/load-varargs-then-inlined-call-and-exit-strict.js.ftl-no-cjit-no-inline-validate stress/op_negate.js.ftl-no-cjit stress/reflect-apply.js.ftl-eager-no-cjit stress/tail-call-varargs-no-stack-overflow.js.default-ftl stress/tail-call-varargs-no-stack-overflow.js.ftl-eager stress/tail-call-varargs-no-stack-overflow.js.ftl-eager-no-cjit stress/tail-call-varargs-no-stack-overflow.js.ftl-no-cjit-no-inline-validate stress/tail-call-varargs-no-stack-overflow.js.ftl-no-cjit-no-put-stack-validate stress/tail-call-varargs-no-stack-overflow.js.ftl-no-cjit-small-pool stress/tail-call-varargs-no-stack-overflow.js.ftl-no-cjit-validate stress/varargs-varargs-inlined-exit-strict-mode.js.ftl-no-cjit-no-inline-validate
Filip Pizlo
Comment 4 2016-01-08 11:38:43 PST
Landed in http://trac.webkit.org/changeset/194774
Note You need to log in before you can comment on or make changes to this bug.