RESOLVED FIXED 186818
DirectArguments::create needs to initialize to undefined instead of the empty value
https://bugs.webkit.org/show_bug.cgi?id=186818
Saam Barati
Reported 2018-06-19 13:59:52 PDT
We have code in OSR exit that sets up length, but not capacity. This means get_from_arguments may end up loading an empty value instead of undefined. We rely on DirectArguments having at least the slots up to the number of declared parameters be undefined if there are no arguments to the actual function.
Attachments
patch (3.29 KB, patch)
2018-06-19 15:54 PDT, Saam Barati
no flags
Saam Barati
Comment 1 2018-06-19 14:00:37 PDT
The test case:

```javascript
function foo(a, b) {
    let x = arguments;
    OSRExit();
    // Will load JSValue() instead of jsUndefined() since we'll materialize a
    // DirectArguments in OSRExit that only has slots filled with JSValue()
    return a + b;
}

function bar() {
    foo();
}
noInline(bar);

for (let i = 0; i < 1000; ++i) {
    bar();
}
```
Saam Barati
Comment 2 2018-06-19 14:10:03 PDT
Saam Barati
Comment 3 2018-06-19 15:54:44 PDT
WebKit Commit Bot
Comment 4 2018-06-19 18:11:51 PDT
Comment on attachment 343118: patch

Clearing flags on attachment: 343118

Committed r233000: <https://trac.webkit.org/changeset/233000>
WebKit Commit Bot
Comment 5 2018-06-19 18:11:53 PDT
All reviewed patches have been landed. Closing bug.