RESOLVED FIXED 216289
[JSC] returnEarlyFromInfiniteLoopsForFuzzing should return object 
https://bugs.webkit.org/show_bug.cgi?id=216289
Summary [JSC] returnEarlyFromInfiniteLoopsForFuzzing should return object
Yusuke Suzuki
Reported 2020-09-08 15:46:36 PDT
[JSC] returnEarlyFromInfiniteLoopsForFuzzing should return object
Attachments
Patch (8.12 KB, patch)
2020-09-08 15:49 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2020-09-08 15:49:53 PDT
Created attachment 408277 [details] Patch
Yusuke Suzuki
Comment 2 2020-09-08 15:49:56 PDT
<rdar://problem/68496533>
Yusuke Suzuki
Comment 3 2020-09-08 15:50:35 PDT
Comment on attachment 408277 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=408277&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:5026 > + m_jit.moveValue(baselineCodeBlock->globalObject(), JSValueRegs { GPRInfo::returnValueGPR }); We do not need to register this to weak since it is tied to baselineCodeBlock.
EWS
Comment 4 2020-09-08 20:48:35 PDT
Committed r266770: <https://trac.webkit.org/changeset/266770> All reviewed patches have been landed. Closing bug and clearing flags on attachment 408277 [details].
Michael Catanzaro
Comment 5 2020-09-11 09:12:42 PDT
The new test infinite loops on x86_64 llint, bug #216406.
Note You need to log in before you can comment on or make changes to this bug.