193978 – ValueRecovery::recover() should purify NaN values it recovers.

Bug 193978 - ValueRecovery::recover() should purify NaN values it recovers.

Summary: ValueRecovery::recover() should purify NaN values it recovers.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Lam

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2019-01-29 13:38 PST by Mark Lam
Modified:	2019-01-29 14:05 PST (History)
CC List:	8 users (show)

See Also:

Attachments
proposed patch. (3.23 KB, patch) 2019-01-29 13:47 PST, Mark Lam	saam: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Lam 2019-01-29 13:38:28 PST

According to DFG::OSRExit::executeOSRExit() and DFG::OSRExit::compileExit(), recovered DoubleDisplacedInJSStack values need to be purified.  ValueRecovery::recover() should do the same.

<rdar://problem/47625488>

Comment 1 Mark Lam 2019-01-29 13:47:14 PST

Created attachment 360496 [details]
proposed patch.

Comment 2 Mark Lam 2019-01-29 14:05:53 PST

Thanks for the review.  Landed in r240681: <http://trac.webkit.org/r240681>.