RESOLVED FIXED 201332
[JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be invalid 
https://bugs.webkit.org/show_bug.cgi?id=201332
Summary [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegis...
Yusuke Suzuki
Reported 2019-08-30 00:10:54 PDT
...
Attachments
Patch (3.70 KB, patch)
2019-08-30 00:18 PDT, Yusuke Suzuki 		mark.lam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2019-08-30 00:13:36 PDT
<rdar://problem/54245190>
Yusuke Suzuki
Comment 2 2019-08-30 00:18:50 PDT
Created attachment 377684 [details] Patch
Mark Lam
Comment 3 2019-08-30 00:55:08 PDT
Comment on attachment 377684 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=377684&action=review r=me > Source/JavaScriptCore/ChangeLog:3 > + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid /inValid/invalid/. > JSTests/ChangeLog:3 > + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid Ditto.
Yusuke Suzuki
Comment 4 2019-08-30 01:03:17 PDT
Comment on attachment 377684 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=377684&action=review Thanks! >> Source/JavaScriptCore/ChangeLog:3 >> + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid > > /inValid/invalid/. Fixed. >> JSTests/ChangeLog:3 >> + [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be inValid > > Ditto. Fixed.
Yusuke Suzuki
Comment 5 2019-08-30 01:13:20 PDT
Committed r249317: <https://trac.webkit.org/changeset/249317>
Note You need to log in before you can comment on or make changes to this bug.