RESOLVED FIXED176429
isNotCellSpeculation is wrong with respect to SpecEmpty 
https://bugs.webkit.org/show_bug.cgi?id=176429
Summary isNotCellSpeculation is wrong with respect to SpecEmpty
Saam Barati
Reported 2017-09-05 16:21:09 PDT
this may lead to OSR exit loops.
Attachments
patch (2.70 KB, patch)
2017-09-05 16:48 PDT, Saam Barati 		msaboff: review+
DetailsFormatted DiffDiff
patch for landing (2.70 KB, patch)
2017-09-05 16:54 PDT, Saam Barati 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2017-09-05 16:26:17 PDT
Consider something like this: a: JSConstant(JSValue()) If we ask @a in Fixup if shouldSpeculateNotCell, it'll return true. NotCellUse on @a will OSR exit, since it passes the cell check.
Saam Barati
Comment 2 2017-09-05 16:48:12 PDT
Created attachment 319956 [details] patch
Michael Saboff
Comment 3 2017-09-05 16:50:58 PDT
Comment on attachment 319956 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=319956&action=review r=me > Source/JavaScriptCore/ChangeLog:9 > + the SpecEmpty in the set for t. It should return false when the SpecEmpty is present, nit - Is "the" before the second SpecEmpty unnecessary?
Saam Barati
Comment 4 2017-09-05 16:52:31 PDT
Comment on attachment 319956 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=319956&action=review >> Source/JavaScriptCore/ChangeLog:9 >> + the SpecEmpty in the set for t. It should return false when the SpecEmpty is present, > > nit - Is "the" before the second SpecEmpty unnecessary? it is. removed.
Saam Barati
Comment 5 2017-09-05 16:54:39 PDT
Created attachment 319959 [details] patch for landing
WebKit Commit Bot
Comment 6 2017-09-05 18:18:19 PDT
Comment on attachment 319959 [details] patch for landing Clearing flags on attachment: 319959 Committed r221657: <http://trac.webkit.org/changeset/221657>
WebKit Commit Bot
Comment 7 2017-09-05 18:18:21 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 8 2017-09-27 12:37:43 PDT
<rdar://problem/34693636>
Note You need to log in before you can comment on or make changes to this bug.