Context Navigation

← Previous Changeset
Next Changeset →

Changeset 240681 in webkit

Timestamp:

Jan 29, 2019, 2:04:47 PM (6 years ago)

Author:

mark.lam@apple.com

Message:

ValueRecovery::recover() should purify NaN values it recovers.
https://bugs.webkit.org/show_bug.cgi?id=193978
<rdar://problem/47625488>

Reviewed by Saam Barati.

JSTests:

stress/value-recovery-of-double-displaced-in-jsstack-should-be-purified.js: Added.

Source/JavaScriptCore:

According to DFG::OSRExit::executeOSRExit() and DFG::OSRExit::compileExit(),
recovered DoubleDisplacedInJSStack values need to be purified.
ValueRecovery::recover() should do the same.

bytecode/ValueRecovery.cpp:

(JSC::ValueRecovery::recover const):

Location:

trunk

Files:

: 1 added
: 3 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/value-recovery-of-double-displaced-in-jsstack-should-be-purified.js (added)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/bytecode/ValueRecovery.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-              r240629
+              r240681
+-01-29  Mark Lam  <mark.lam@apple.com>
+        ValueRecovery::recover() should purify NaN values it recovers.
+        https://bugs.webkit.org/show_bug.cgi?id=193978
+        <rdar://problem/47625488>
+        Reviewed by Saam Barati.
+        * stress/value-recovery-of-double-displaced-in-jsstack-should-be-purified.js: Added.
 -01-28  Yusuke Suzuki  <ysuzuki@apple.com>

trunk/Source/JavaScriptCore/ChangeLog

-              r240679
+              r240681
+-01-29  Mark Lam  <mark.lam@apple.com>
+        ValueRecovery::recover() should purify NaN values it recovers.
+        https://bugs.webkit.org/show_bug.cgi?id=193978
+        <rdar://problem/47625488>
+        Reviewed by Saam Barati.
+        According to DFG::OSRExit::executeOSRExit() and DFG::OSRExit::compileExit(),
+        recovered DoubleDisplacedInJSStack values need to be purified.
+        ValueRecovery::recover() should do the same.
+        * bytecode/ValueRecovery.cpp:
+        (JSC::ValueRecovery::recover const):
 -01-29  Yusuke Suzuki  <ysuzuki@apple.com>

trunk/Source/JavaScriptCore/bytecode/ValueRecovery.cpp

-              r189192
+              r240681
 /*
  * Copyright (C) 2011, 2013, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
 …
         return jsNumber(exec->r(virtualRegister().offset()).unboxedStrictInt52());
     case DoubleDisplacedInJSStack:
         return jsNumber(exec->r(virtualRegister().offset()).unboxedDouble());
+        return jsNumber(purifyNaN(exec->r(virtualRegister().offset()).unboxedDouble()));
     case CellDisplacedInJSStack:
         return exec->r(virtualRegister().offset()).unboxedCell();

Note: See TracChangeset for help on using the changeset viewer.