Bug 231179

Summary: Fix wrong edge type from get-by-val in 32 bits
Product: WebKit Reporter: Mikhail R. Gadelha <mikhail>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer, xan.lopez, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Mikhail R. Gadelha
Reported 2021-10-04 11:00:02 PDT
Fix wrong edge type from get-by-val in 32 bits
Attachments
Patch (4.44 KB, patch)
2021-10-04 11:09 PDT, Mikhail R. Gadelha 		no flags
DetailsFormatted DiffDiff
Patch (7.97 KB, patch)
2021-10-05 13:57 PDT, Mikhail R. Gadelha 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mikhail R. Gadelha
Comment 1 2021-10-04 11:09:11 PDT
Created attachment 440079 [details] Patch
Yusuke Suzuki
Comment 2 2021-10-05 10:57:51 PDT
Comment on attachment 440079 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=440079&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:4518 > + JSValueOperand baseOperand(this, baseEdge); > + generate(baseOperand.gpr()); base is JSValue, but it only passes payload part of JSValue. In 32bit, there is tag part, which needs to be passed. If it is a JSValue, then we need to use JSValueRegs.
Mikhail R. Gadelha
Comment 3 2021-10-05 13:57:08 PDT
Created attachment 440260 [details] Patch
Yusuke Suzuki
Comment 4 2021-10-05 17:52:42 PDT
Comment on attachment 440260 [details] Patch r=me
EWS
Comment 5 2021-10-06 00:15:45 PDT
Committed r283603 (242555@main): <https://commits.webkit.org/242555@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 440260 [details].
Radar WebKit Bug Importer
Comment 6 2021-10-06 00:16:17 PDT
<rdar://problem/83921689>
Note You need to log in before you can comment on or make changes to this bug.