Bug 227095

Summary: Don't look at the (non-existent) child2 of DelById
Product: WebKit Reporter: Robin Morisset <rmorisset>
Component: JavaScriptCoreAssignee: Robin Morisset <rmorisset>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 226556    
Bug Blocks:    
Attachments:
Description Flags
Patch
mark.lam: review+
Patch for landing none

Description Robin Morisset 2021-06-16 14:33:54 PDT 
When I rebased my patch for bug 226556, I introduced a bug for DelById, since it now shares code with DelByVal, and I access its second child early to avoid accessing it in the lambda (after the graph is freed).
The solution is a trivial branch.
Comment 1 Robin Morisset 2021-06-16 14:36:31 PDT 
Created attachment 431605 [details]
Patch
Comment 2 Mark Lam 2021-06-16 14:41:45 PDT 
Comment on attachment 431605 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431605&action=review

r=me

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:5921
> +        UseKind child2UseKind;

Should this be given some initial value to placate over-zealous compilers?
Comment 3 Robin Morisset 2021-06-16 14:57:59 PDT 
Created attachment 431607 [details]
Patch for landing

I applied Mark's suggestion and gave a default of UntypedUse to child2UseKind in case GCC or MSVC are overzealous.
Comment 4 EWS 2021-06-16 15:26:38 PDT 
Committed r278959 (238887@main): <https://commits.webkit.org/238887@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 431607 [details].
Comment 5 Radar WebKit Bug Importer 2021-06-16 15:27:20 PDT 
<rdar://problem/79419113>