On Fri, Apr 20, 2012 at 11:07 AM, Ryosuke Niwa <[email protected]> wrote: > Is the code reachable? It's quite possible that the code is unreachable and > therefore there is no way to hit that crash. Without a test, we can't answer > that question.
That is not rationally true. A test case can show that there is a code path leading to a null pointer dereference. A test cannot show that there are no possible code paths that lead to that state. This is exactly what I was getting at when explaining that the state space of webkit is too large to test. In this case we don't have a repro case that leads to that state, but that does not mean that it is not possible, or that the potential to crash should not be fixed. _______________________________________________ webkit-dev mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
