Currently, JSValue::strictEqualSlowCaseInline() (and peers) will blindly try to access the StringImpl of a JSRopeString that fails to resolve its rope. As a result, we'll crash with null pointer dereferences. We should fix this.
<rdar://problem/27577556>
Created attachment 285984 [details] proposed patch. Let's get some EWS testing and feedback. I don't have a test because the only test case I have so far relies on allocating just the right amount of memory to run out of memory right at the moment of resolving a rope for a strict equality check. The test is brittle and flaky. So far, it only manifests the issue on ARM64, but not on x86_64 yet. So, I think its of questionable value and will leave it out for now.
Comment on attachment 285984 [details] proposed patch. Will fix the build failure.
Created attachment 286065 [details] proposed patch.
Comment on attachment 286065 [details] proposed patch. Let's call this "equal" since the WTF function is "equal". r=me
Thanks for the review. I've replaced "equals" with "equal" (and ditto for the matching slow case function). Landed in r204485: <http://trac.webkit.org/r204485>.