WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
192441
speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
https://bugs.webkit.org/show_bug.cgi?id=192441
Summary
speculationFromCell() should speculate non-Identifier strings as SpecString i...
Mark Lam
Reported
2018-12-05 17:21:42 PST
This is because a regular String (non-Identifier) can be converted into an Identifier. During DFG/FTL compilation, AbstractValue::checkConsistency() may expect a value to be of type SpecStringVar, but the mutator thread may have converted the string into an Identifier. This creates a race where AbstractValue::checkConsistency() may fail because it sees a SpecStringIdent when it expects the a SpecStringVar. The fix is to speculate non-Identifier strings as type SpecString which allows it to be SpecStringVar or SpecStringIndent. <
rdar://problem/46480355
>
Attachments
proposed patch.
(3.32 KB, patch)
2018-12-05 17:36 PST
,
Mark Lam
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Mark Lam
Comment 1
2018-12-05 17:36:21 PST
Created
attachment 356684
[details]
proposed patch.
Mark Lam
Comment 2
2018-12-05 20:09:03 PST
Comment on
attachment 356684
[details]
proposed patch. Thanks for the review. Landing now.
WebKit Commit Bot
Comment 3
2018-12-05 20:34:35 PST
Comment on
attachment 356684
[details]
proposed patch. Clearing flags on attachment: 356684 Committed
r238923
: <
https://trac.webkit.org/changeset/238923
>
WebKit Commit Bot
Comment 4
2018-12-05 20:34:36 PST
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug