RESOLVED FIXED 180274
Having a bad time needs to handle ArrayClass indexing type as well 
https://bugs.webkit.org/show_bug.cgi?id=180274
Summary Having a bad time needs to handle ArrayClass indexing type as well
Saam Barati
Reported 2017-12-01 13:21:06 PST
...
Attachments
patch (5.67 KB, patch)
2017-12-01 13:29 PST, Saam Barati 		mark.lam: review+
DetailsFormatted DiffDiff
patch for landing (5.69 KB, patch)
2017-12-01 13:59 PST, Saam Barati 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2017-12-01 13:27:58 PST
<rdar://problem/35667869>
Saam Barati
Comment 2 2017-12-01 13:29:29 PST
Created attachment 328147 [details] patch
Keith Miller
Comment 3 2017-12-01 13:32:07 PST
Comment on attachment 328147 [details] patch r=me.
Mark Lam
Comment 4 2017-12-01 13:33:08 PST
Comment on attachment 328147 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=328147&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:1611 > + switchToSlowPutArrayStorage(vm); Isn't this infinitely recursing?
Mark Lam
Comment 5 2017-12-01 13:34:03 PST
Comment on attachment 328147 [details] patch oops, didn't mean to set the r? flag
Mark Lam
Comment 6 2017-12-01 13:40:12 PST
Comment on attachment 328147 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=328147&action=review r=me too. >> Source/JavaScriptCore/runtime/JSObject.cpp:1611 >> + switchToSlowPutArrayStorage(vm); > > Isn't this infinitely recursing? OK, I see what's happening. The ensureArrayStorage() ensures that the indexingType is no longer ArrayClass before recursing. Nothing to see here. Moving along.
Mark Lam
Comment 7 2017-12-01 13:42:04 PST
Comment on attachment 328147 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=328147&action=review > Source/JavaScriptCore/ChangeLog:13 > + in non empty indexing types as broken, instead of having to opt out all I suggest replacing "non empty" with "non-empty" to be consistent with your usage below. Plus it's easier to read.
Saam Barati
Comment 8 2017-12-01 13:59:32 PST
Created attachment 328153 [details] patch for landing
WebKit Commit Bot
Comment 9 2017-12-01 15:40:16 PST
Comment on attachment 328153 [details] patch for landing Clearing flags on attachment: 328153 Committed r225423: <https://trac.webkit.org/changeset/225423>
WebKit Commit Bot
Comment 10 2017-12-01 15:40:18 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.