RESOLVED FIXED 158170
DFG::LazyJSValue::tryGetStringImpl() crashes for empty values 
https://bugs.webkit.org/show_bug.cgi?id=158170
Summary DFG::LazyJSValue::tryGetStringImpl() crashes for empty values
Filip Pizlo
Reported 2016-05-27 15:20:44 PDT
Patch forthcoming.
Attachments
the patch (2.86 KB, patch)
2016-05-27 15:23 PDT, Filip Pizlo 		msaboff: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2016-05-27 15:23:09 PDT
Created attachment 280002 [details] the patch
Michael Saboff
Comment 2 2016-05-27 15:25:45 PDT
Comment on attachment 280002 [details] the patch r=me
Filip Pizlo
Comment 3 2016-05-27 15:28:16 PDT
Landed in http://trac.webkit.org/changeset/201470
Saam Barati
Comment 4 2016-05-27 23:33:17 PDT
Comment on attachment 280002 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=280002&action=review > Source/JavaScriptCore/ChangeLog:9 > + value, presumably because this makes it soooper fast. In DFG IR, empty values can appear I'm going to run the experiment where jsDynamicCast<Foo*>(JSValue()) returns nullptr and see what the performance is like. Do you know if anyone has measured the performance impact of this recently?
Filip Pizlo
Comment 5 2016-05-28 06:00:19 PDT
(In reply to comment #4) > Comment on attachment 280002 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=280002&action=review > > > Source/JavaScriptCore/ChangeLog:9 > > + value, presumably because this makes it soooper fast. In DFG IR, empty values can appear > > I'm going to run the experiment where jsDynamicCast<Foo*>(JSValue()) returns > nullptr and see what the performance is like. > Do you know if anyone has measured the performance impact of this recently? I don't think anyone has ever measured it!
Note You need to log in before you can comment on or make changes to this bug.