Bug 201332

Summary: [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be invalid
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mark.lam: review+

Yusuke Suzuki
Reported 2019-08-30 00:10:54 PDT
...
Attachments
Patch (3.70 KB, patch)
2019-08-30 00:18 PDT, Yusuke Suzuki 		mark.lam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2019-08-30 00:13:36 PDT
<rdar://problem/54245190>
Yusuke Suzuki
Comment 2 2019-08-30 00:18:50 PDT
Created attachment 377684 [details] Patch
Mark Lam
Comment 3 2019-08-30 00:55:08 PDT
Comment on attachment 377684 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=377684&action=review r=me > Source/JavaScriptCore/ChangeLog:3 > + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid /inValid/invalid/. > JSTests/ChangeLog:3 > + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid Ditto.
Yusuke Suzuki
Comment 4 2019-08-30 01:03:17 PDT
Comment on attachment 377684 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=377684&action=review Thanks! >> Source/JavaScriptCore/ChangeLog:3 >> + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid > > /inValid/invalid/. Fixed. >> JSTests/ChangeLog:3 >> + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid > > Ditto. Fixed.
Yusuke Suzuki
Comment 5 2019-08-30 01:13:20 PDT
Committed r249317: <https://trac.webkit.org/changeset/249317>
Note You need to log in before you can comment on or make changes to this bug.