Changeset 207377 in webkit
- Timestamp:
- Oct 15, 2016 1:56:24 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r207369 r207377 1 2016-10-15 Saam Barati <sbarati@apple.com> 2 3 Assertion failed under operationToLowerCase with a rope with zero length 4 https://bugs.webkit.org/show_bug.cgi?id=163314 5 6 Reviewed by Mark Lam. 7 8 * stress/to-lower-case-intrinsic-on-empty-rope.js: Added. 9 (assert): 10 (returnRope.helper): 11 (returnRope): 12 (lower): 13 1 14 2016-10-14 Benjamin Poulain <bpoulain@apple.com> 2 15 -
trunk/Source/JavaScriptCore/ChangeLog
r207369 r207377 1 2016-10-15 Saam Barati <sbarati@apple.com> 2 3 Assertion failed under operationToLowerCase with a rope with zero length 4 https://bugs.webkit.org/show_bug.cgi?id=163314 5 6 Reviewed by Mark Lam. 7 8 There are some ways to get JSC to create empty rope strings. ToLowerCase 9 inside the DFG/FTL goes to the slow path when the argument is a rope. 10 operationToLowerCase was calling into a WTF string function that 11 assumed we are passing it a this value that has non-zero length. 12 However, we were calling it with a string that did have zero length. 13 To fix this, we make operationToLowerCase return the empty JSString 14 if it is going to make a string with zero length. 15 16 * dfg/DFGOperations.cpp: 17 * jsc.cpp: 18 (GlobalObject::finishCreation): 19 (functionIsRope): 20 1 21 2016-10-14 Benjamin Poulain <bpoulain@apple.com> 2 22 -
trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
r206804 r207377 1524 1524 const String& inputString = string->value(exec); 1525 1525 RETURN_IF_EXCEPTION(scope, nullptr); 1526 if (!inputString.length()) 1527 return vm.smallStrings.emptyString(); 1528 1526 1529 String lowercasedString = inputString.is8Bit() ? inputString.convertToLowercaseWithoutLocaleStartingAtFailingIndex8Bit(failingIndex) : inputString.convertToLowercaseWithoutLocale(); 1527 1530 if (lowercasedString.impl() == inputString.impl()) -
trunk/Source/JavaScriptCore/jsc.cpp
r207239 r207377 790 790 static EncodedJSValue JSC_HOST_CALL functionGetRandomSeed(ExecState*); 791 791 static EncodedJSValue JSC_HOST_CALL functionSetRandomSeed(ExecState*); 792 static EncodedJSValue JSC_HOST_CALL functionIsRope(ExecState*); 792 793 793 794 struct Script { … … 1008 1009 addFunction(vm, "getRandomSeed", functionGetRandomSeed, 0); 1009 1010 addFunction(vm, "setRandomSeed", functionSetRandomSeed, 1); 1011 addFunction(vm, "isRope", functionIsRope, 1); 1010 1012 1011 1013 addFunction(vm, "is32BitPlatform", functionIs32BitPlatform, 0); … … 1806 1808 } 1807 1809 1810 EncodedJSValue JSC_HOST_CALL functionIsRope(ExecState* exec) 1811 { 1812 JSValue argument = exec->argument(0); 1813 if (!argument.isString()) 1814 return JSValue::encode(jsBoolean(false)); 1815 const StringImpl* impl = jsCast<JSString*>(argument)->tryGetValueImpl(); 1816 return JSValue::encode(jsBoolean(!impl)); 1817 } 1818 1808 1819 EncodedJSValue JSC_HOST_CALL functionReadline(ExecState* exec) 1809 1820 {
Note: See TracChangeset
for help on using the changeset viewer.