RESOLVED FIXED 138476
slow_path_get_direct_pname() needs to be hardened against a constant baseValue
https://bugs.webkit.org/show_bug.cgi?id=138476
Mark Lam
Reported 2014-11-06 14:53:26 PST
CommonSlowPath's slow_path_get_direct_pname() currently assumes that the baseValue is always a non-constant register. However, this is not always the case like in the following:

    function foo() {
        var o = { a:1 };
        for (var n in o)
            0[n];
    };
    foo();

<rdar://problem/18495847>
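An added illustration of the assumption described in the report (not code from the WebKit patch or from JavaScriptCore): a toy operand fetch in C++ where one loader treats every operand as a register and a hardened loader first checks whether the operand names a constant. `Frame`, `kFirstConstant`, the threshold value and all function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Toy model, not JavaScriptCore code. An operand below kFirstConstant indexes
// the frame's registers; one at or above it indexes the constant pool.
// The threshold value is an assumption made for this sketch.
constexpr int32_t kFirstConstant = 0x40000000;

struct Frame {
    std::vector<int64_t> registers; // locals and temporaries
    std::vector<int64_t> constants; // constant pool of the running code
};

// Unhardened shape: treats every operand as a register index. The bounds
// check exists only so the sketch fails cleanly; without it, a constant
// operand would index far outside the register file.
bool loadAssumingRegister(const Frame& f, int32_t operand, int64_t& out)
{
    if (operand < 0 || static_cast<std::size_t>(operand) >= f.registers.size())
        return false;
    out = f.registers[static_cast<std::size_t>(operand)];
    return true;
}

// Hardened shape: decide register vs. constant before touching storage.
bool loadRegisterOrConstant(const Frame& f, int32_t operand, int64_t& out)
{
    if (operand >= kFirstConstant) {
        std::size_t index = static_cast<std::size_t>(operand - kFirstConstant);
        if (index >= f.constants.size())
            return false;
        out = f.constants[index];
        return true;
    }
    return loadAssumingRegister(f, operand, out);
}

// Constructed sample shaped like `0[n]`: constant base 0, name in a register.
Frame sampleFrame()
{
    return Frame{ std::vector<int64_t>{7, 11}, std::vector<int64_t>{0} };
}

int main()
{
    Frame f = sampleFrame();
    int64_t base = -1;
    return loadRegisterOrConstant(f, kFirstConstant, base) && base == 0 ? 0 : 1;
}
```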
Attachments
the patch. (20.88 KB, patch)
2014-11-06 15:21 PST, Mark Lam
msaboff: review-
take 2: minus test refactoring (9.79 KB, patch)
2014-11-06 16:06 PST, Mark Lam
msaboff: review+
Mark Lam
Comment 1 2014-11-06 15:21:13 PST
Created attachment 241135 the patch.
Michael Saboff
Comment 2 2014-11-06 15:35:50 PST
Comment on attachment 241135 the patch.
The code change looks fine. The test changes are changes to the test beyond just adding cases for the fix. Therefore please break out the test enhancements as a separate patch.
Mark Lam
Comment 3 2014-11-06 16:06:30 PST
Created attachment 241142 take 2: minus test refactoring
Michael Saboff
Comment 4 2014-11-06 16:15:13 PST
Comment on attachment 241142 take 2: minus test refactoring
r=me
Mark Lam
Comment 5 2014-11-06 16:19:35 PST
Thanks for the review. Landed in r175724: <http://trac.webkit.org/r175724>.
Simon Fraser (smfr)
Comment 6 2014-11-06 20:39:40 PST
Mark Lam
Comment 7 2014-11-06 20:48:36 PST
(In reply to comment #6)
> It looks like this broke 3 JSC tests:
> https://build.webkit.org/builders/Apple%20Yosemite%2032-bit%20JSC%20%28BuildAndTest%29?numbuilds=100

I’m looking into it.
Mark Lam
Comment 8 2014-11-07 00:24:56 PST
(In reply to comment #6)
> It looks like this broke 3 JSC tests:
> https://build.webkit.org/builders/Apple%20Yosemite%2032-bit%20JSC%20%28BuildAndTest%29?numbuilds=100

The issue is due to a latent bug that is uncovered by the new tests. I'll skip the tests (from the JSC test set) temporarily while I debug the issue. This work is tracked in https://bugs.webkit.org/show_bug.cgi?id=138497.