Bug 140145 - Harden baseline JIT implementations of op_resolve_scope and op_get_from_scope against undefined scope register value
Summary: Harden baseline JIT implementations of op_resolve_scope and op_get_from_scope...
Status: ASSIGNED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 312.x
Hardware: All, OS: All
Importance: P2 Normal
Assignee: Michael Saboff
URL:
Keywords:
Depends on: 140033
Blocks:
Reported: 2015-01-06 13:51 PST by Michael Saboff
Modified: 2015-01-06 13:51 PST
See Also:
Description Michael Saboff 2015-01-06 13:51:54 PST
Similar to the issue in https://bugs.webkit.org/show_bug.cgi?id=140033 for op_new_func*, the DFG could dead code eliminate the use of the scope register. Upon OSR exit to the baseline JIT, the scope register would be undefined. The code determined to be dead by the DFG is still executed in the baseline JIT. An inspection of the code shows that op_resolve_scope and op_get_from_scope need to be hardened against an undefined scope value.