RESOLVED FIXED 158699
DFG Validation fails when performing a concatenation with only a single entry 
https://bugs.webkit.org/show_bug.cgi?id=158699
Summary DFG Validation fails when performing a concatenation with only a single entry
Oliver Hunt
Reported 2016-06-13 11:27:04 PDT
Fairly simple failure: function f() { for (;;)`${1}` } f(); The issue is that we appear to be issuing a str_concat with a single child, which the DFG thinks is invalid. The obvious solutions are to either: * don't emit str_concat from a single child template literal * Have the DFG acknowledge this can happen I think the former is the better option.
Attachments
Patch (2.39 KB, patch)
2016-06-13 15:35 PDT, Oliver Hunt 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-06-13 14:26:18 PDT
<rdar://problem/26775638>
Oliver Hunt
Comment 2 2016-06-13 15:35:57 PDT
Created attachment 281211 [details] Patch
Saam Barati
Comment 3 2016-06-13 15:38:39 PDT
Comment on attachment 281211 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=281211&action=review r=me > Source/JavaScriptCore/tests/stress/template-literal.js:209 > +function testSingleNode() { Can you also add other tests for valueOf, etc
Oliver Hunt
Comment 4 2016-06-13 15:51:22 PDT
Comment on attachment 281211 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=281211&action=review >> Source/JavaScriptCore/tests/stress/template-literal.js:209 >> +function testSingleNode() { > > Can you also add other tests for valueOf, etc Unrealted to this bug you mean? This bug is specifically because template literals would alway plant a strcat, even if there was only a single node.
Oliver Hunt
Comment 5 2016-06-13 16:15:41 PDT
Committed r202015: <http://trac.webkit.org/changeset/202015>
Note You need to log in before you can comment on or make changes to this bug.