Bug 147354

Summary: DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: barraclough, basile_clement, benjamin, ggaren, mark.lam, mhahnenb, mmirman, msaboff, nrotem, oliver, saam, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch msaboff: review+

Filip Pizlo
Reported 2015-07-27 22:31:28 PDT
This is a benign bug, but worth fixing.
Attachments
the patch (5.28 KB, patch)
2015-07-27 22:38 PDT, Filip Pizlo 		msaboff: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2015-07-27 22:38:43 PDT
Created attachment 257633 [details] the patch
Filip Pizlo
Comment 2 2015-07-27 22:47:05 PDT
Comment on attachment 257633 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=257633&action=review > Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h:129 > + // neither clear nor top. Meant to say: "neither top nor clobbered". Fixed locally.
Michael Saboff
Comment 3 2015-07-28 09:45:00 PDT
Comment on attachment 257633 [details] the patch r=me
Filip Pizlo
Comment 4 2015-07-28 09:59:51 PDT
Landed in http://trac.webkit.org/changeset/187487
Note You need to log in before you can comment on or make changes to this bug.