Bug 186818 - DirectArguments::create needs to initialize to undefined instead of the empty value
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2018-06-19 13:59 PDT by Saam Barati
Modified: 2018-06-19 18:11 PDT (History)
Attachments
patch (3.29 KB, patch)
2018-06-19 15:54 PDT, Saam Barati
no flags

Description Saam Barati 2018-06-19 13:59:52 PDT
We have code in OSR exit that sets up length, but not capacity. This means get_from_arguments may end up loading an empty value instead of undefined. We rely on DirectArguments having at least as many slots as declared parameters, all set to undefined, if there are no arguments passed to the actual function.
Comment 1 Saam Barati 2018-06-19 14:00:37 PDT
The test case:
```
function foo(a, b) {
    let x = arguments;
    // OSRExit() is a JSC shell helper that forces an OSR exit here, so the
    // DirectArguments object captured above is materialized by the exit code.
    OSRExit();
    return a + b; // Will load JSValue() instead of jsUndefined() since we'll materialize a DirectArguments in OSRExit that only has slots filled with JSValue()
}

function bar() {
    foo(); // no actual arguments: slots for a and b must read as undefined
}
// noInline() is a JSC shell helper that keeps bar from being inlined into the caller.
noInline(bar);

for (let i = 0; i < 1000; ++i) {
    bar();
}
```
Comment 2 Saam Barati 2018-06-19 14:10:03 PDT
<rdar://problem/38415177>
Comment 3 Saam Barati 2018-06-19 15:54:44 PDT
Created attachment 343118 [details]
patch
Comment 4 WebKit Commit Bot 2018-06-19 18:11:51 PDT
Comment on attachment 343118 [details]
patch

Clearing flags on attachment: 343118

Committed r233000: <https://trac.webkit.org/changeset/233000>
Comment 5 WebKit Commit Bot 2018-06-19 18:11:53 PDT
All reviewed patches have been landed.  Closing bug.