Changeset 207017 in webkit

Timestamp:

Oct 10, 2016 1:33:46 PM (8 years ago)

Author:

sbarati@apple.com

Message:

compileCheckStringIdent in the FTL is wrong
​https://bugs.webkit.org/show_bug.cgi?id=163215

Reviewed by Mark Lam and Filip Pizlo.

lowStringIdent() returns the StringImpl pointer. The compileCheckStringIdent()
was treating its return value as the actual JSString. This is wrong.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckStringIdent):

Location:

trunk

Files:

• JSTests/stress/check-string-ident.js (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2016-10-10  Saam Barati  <sbarati@apple.com>
+
+        compileCheckStringIdent in the FTL is wrong
+        https://bugs.webkit.org/show_bug.cgi?id=163215
+
+        Reviewed by Mark Lam and Filip Pizlo.
+
+        lowStringIdent() returns the StringImpl pointer. The compileCheckStringIdent()
+        was treating its return value as the actual JSString. This is wrong.
+
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileCheckStringIdent):
+
 2016-10-10  Yusuke Suzuki  <utatane.tea@gmail.com>
 

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

@@ -2607 +2607 @@
     {
         UniquedStringImpl* uid = m_node->uidOperand();
-        LValue string = lowStringIdent(m_node->child1());
-        LValue stringImpl = m_out.loadPtr(string, m_heaps.JSString_value);
+        LValue stringImpl = lowStringIdent(m_node->child1());
         speculate(BadIdent, noValue(), nullptr, m_out.notEqual(stringImpl, m_out.constIntPtr(uid)));
     }