Bug 193978

Summary:

ValueRecovery::recover() should purify NaN values it recovers.

Product:

WebKit

Reporter:

Mark Lam <mark.lam>

Component:

JavaScriptCore

Assignee:

Mark Lam <mark.lam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
proposed patch.	saam: review+

Mark Lam

Reported 2019-01-29 13:38:28 PST

According to DFG::OSRExit::executeOSRExit() and DFG::OSRExit::compileExit(), recovered DoubleDisplacedInJSStack values need to be purified. ValueRecovery::recover() should do the same. <rdar://problem/47625488>

Attachments
proposed patch. (3.23 KB, patch) 2019-01-29 13:47 PST, Mark Lam	saam: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2019-01-29 13:47:14 PST

Created attachment 360496 [details] proposed patch.

Mark Lam

Comment 2 2019-01-29 14:05:53 PST

Thanks for the review. Landed in r240681: <http://trac.webkit.org/r240681>.

Note You need to log in before you can comment on or make changes to this bug.