Bug 216289 - [JSC] returnEarlyFromInfiniteLoopsForFuzzing should return object
Summary: [JSC] returnEarlyFromInfiniteLoopsForFuzzing should return object
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-09-08 15:46 PDT by Yusuke Suzuki
Modified: 2020-09-11 09:12 PDT (History)
7 users (show)

See Also:

Attachments
Patch (8.12 KB, patch)
2020-09-08 15:49 PDT, Yusuke Suzuki 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yusuke Suzuki 2020-09-08 15:46:36 PDT 
[JSC] returnEarlyFromInfiniteLoopsForFuzzing should return object
Comment 1 Yusuke Suzuki 2020-09-08 15:49:53 PDT 
Created attachment 408277 [details]
Patch
Comment 2 Yusuke Suzuki 2020-09-08 15:49:56 PDT 
<rdar://problem/68496533>
Comment 3 Yusuke Suzuki 2020-09-08 15:50:35 PDT 
Comment on attachment 408277 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=408277&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:5026
> +                m_jit.moveValue(baselineCodeBlock->globalObject(), JSValueRegs { GPRInfo::returnValueGPR });

We do not need to register this to weak since it is tied to baselineCodeBlock.
Comment 4 EWS 2020-09-08 20:48:35 PDT 
Committed r266770: <https://trac.webkit.org/changeset/266770>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 408277 [details].
Comment 5 Michael Catanzaro 2020-09-11 09:12:42 PDT 
The new test infinite loops on x86_64 llint, bug #216406.