Bug 158170 - DFG::LazyJSValue::tryGetStringImpl() crashes for empty values
Summary: DFG::LazyJSValue::tryGetStringImpl() crashes for empty values
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: All All
: P2 Normal
Assignee: Filip Pizlo
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-27 15:20 PDT by Filip Pizlo
Modified: 2016-05-28 06:00 PDT (History)
5 users (show)

See Also:

Attachments
the patch (2.86 KB, patch)
2016-05-27 15:23 PDT, Filip Pizlo 		msaboff: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Pizlo 2016-05-27 15:20:44 PDT 
Patch forthcoming.
Comment 1 Filip Pizlo 2016-05-27 15:23:09 PDT 
Created attachment 280002 [details]
the patch
Comment 2 Michael Saboff 2016-05-27 15:25:45 PDT 
Comment on attachment 280002 [details]
the patch

r=me
Comment 3 Filip Pizlo 2016-05-27 15:28:16 PDT 
Landed in http://trac.webkit.org/changeset/201470
Comment 4 Saam Barati 2016-05-27 23:33:17 PDT 
Comment on attachment 280002 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=280002&action=review

> Source/JavaScriptCore/ChangeLog:9
> +        value, presumably because this makes it soooper fast. In DFG IR, empty values can appear

I'm going to run the experiment where jsDynamicCast<Foo*>(JSValue()) returns nullptr and see what the performance is like.
Do you know if anyone has measured the performance impact of this recently?
Comment 5 Filip Pizlo 2016-05-28 06:00:19 PDT 
(In reply to comment #4)
> Comment on attachment 280002 [details]
> the patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=280002&action=review
> 
> > Source/JavaScriptCore/ChangeLog:9
> > +        value, presumably because this makes it soooper fast. In DFG IR, empty values can appear
> 
> I'm going to run the experiment where jsDynamicCast<Foo*>(JSValue()) returns
> nullptr and see what the performance is like.
> Do you know if anyone has measured the performance impact of this recently?

I don't think anyone has ever measured it!