Currently, JSValue::strictEqualSlowCaseInline() (and peers) will blindly try to access the StringImpl of a JSRopeString that fails to resolve its rope. As a result, we'll crash with null pointer dereferences. We should fix this.
Created attachment 285984 [details]
Let's get some EWS testing and feedback.
I don't have a test because the only test case I have so far relies on allocating just the right amount of memory to run out of memory right at the moment of resolving a rope for a strict equality check. The test is brittle and flaky. So far, it only manifests the issue on ARM64, but not on x86_64 yet. So, I think its of questionable value and will leave it out for now.
Comment on attachment 285984 [details]
Will fix the build failure.
Created attachment 286065 [details]
Comment on attachment 286065 [details]
Let's call this "equal" since the WTF function is "equal".
Thanks for the review. I've replaced "equals" with "equal" (and ditto for the matching slow case function).
Landed in r204485: <http://trac.webkit.org/r204485>.