Bug 163215

Summary: compileCheckStringIdent in the FTL is wrong
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, oliver, ticaiolima, ysuzuki
Priority: P2    
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch
fpizlo: review+
patch for landing none

Saam Barati
Reported 2016-10-10 09:09:16 PDT
It thinks a value that is a StringImpl is a JSString.
Attachments
patch (1.46 KB, patch)
2016-10-10 11:27 PDT, Saam Barati 		fpizlo: review+
DetailsFormatted DiffDiff
patch for landing (2.00 KB, patch)
2016-10-10 11:52 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2016-10-10 11:27:56 PDT
Created attachment 291124 [details] patch
Mark Lam
Comment 2 2016-10-10 11:28:54 PDT
Comment on attachment 291124 [details] patch r=me Can we have a test?
Filip Pizlo
Comment 3 2016-10-10 11:29:21 PDT
Comment on attachment 291124 [details] patch LValue lowStringIdent(Edge edge, OperandSpeculationMode mode = AutomaticOperandSpeculation) { ASSERT_UNUSED(mode, mode == ManualOperandSpeculation || edge.useKind() == StringIdentUse); LValue string = lowString(edge, mode); LValue stringImpl = m_out.loadPtr(string, m_heaps.JSString_value); speculateStringIdent(edge, string, stringImpl); return stringImpl; }
Filip Pizlo
Comment 4 2016-10-10 11:30:00 PDT
Comment on attachment 291124 [details] patch Of course that's right. I had it backwards.
Saam Barati
Comment 5 2016-10-10 11:52:09 PDT
Created attachment 291128 [details] patch for landing
Filip Pizlo
Comment 6 2016-10-10 11:52:53 PDT
Comment on attachment 291128 [details] patch for landing r=me on the test.
WebKit Commit Bot
Comment 7 2016-10-10 13:36:22 PDT
Comment on attachment 291128 [details] patch for landing Clearing flags on attachment: 291128 Committed r207017: <http://trac.webkit.org/changeset/207017>
WebKit Commit Bot
Comment 8 2016-10-10 13:36:26 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.