Bug 231976

Summary: canDoFastSpread should also check that the Structure is from the global object we're watching
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
follow up none

Saam Barati
Reported 2021-10-19 12:39:25 PDT
...
Attachments
Patch (1.67 KB, patch)
2021-10-19 12:54 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
follow up (1.57 KB, patch)
2021-10-19 17:11 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2021-10-19 12:40:34 PDT
<rdar://84340372>
Saam Barati
Comment 2 2021-10-19 12:54:27 PDT
Created attachment 441776 [details] Patch
Keith Miller
Comment 3 2021-10-19 13:05:10 PDT
Comment on attachment 441776 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=441776&action=review > Source/JavaScriptCore/dfg/DFGGraph.cpp:1852 > + && structure->globalObject() == globalObject > && structure->storedPrototype() == arrayPrototype Nit: Can we invert these two lines?
Saam Barati
Comment 4 2021-10-19 15:13:37 PDT
Comment on attachment 441776 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=441776&action=review >> Source/JavaScriptCore/dfg/DFGGraph.cpp:1852 >> && structure->storedPrototype() == arrayPrototype > > Nit: Can we invert these two lines? What's your thinking? The current code actually reads more clearly to me.
EWS
Comment 5 2021-10-19 15:48:33 PDT
Committed r284506 (243252@main): <https://commits.webkit.org/243252@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 441776 [details].
Saam Barati
Comment 6 2021-10-19 17:05:07 PDT
Will fix Keith's nit.
Saam Barati
Comment 7 2021-10-19 17:11:43 PDT
Created attachment 441820 [details] follow up
Keith Miller
Comment 8 2021-10-20 08:10:26 PDT
Comment on attachment 441820 [details] follow up r=me.
EWS
Comment 9 2021-10-22 11:23:17 PDT
Committed r284699 (243416@main): <https://commits.webkit.org/243416@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 441820 [details].
Note You need to log in before you can comment on or make changes to this bug.