Changeset 238596 in webkit


Timestamp:
Nov 27, 2018 6:03:20 PM (5 years ago)
Author:
sbarati@apple.com
Message:

r238510 broke scopes of size zero
https://bugs.webkit.org/show_bug.cgi?id=192033
<rdar://problem/46281734>

Reviewed by Keith Miller.

JSTests:

  • stress/r238510-bad-loop.js: Added.

(foo):

Source/JavaScriptCore:

In r238510, I wrote the loop like this:
`for (ScopeOffset offset { 0 }; offset <= symbolTable->maxScopeOffset(); offset += 1)`

This breaks for scopes of size zero because maxScopeOffset() will be UINT_MAX.

This patch fixes this by writing the loop as:
`for (unsigned offset = 0; offset < symbolTable->scopeSize(); ++offset)`

  • dfg/DFGObjectAllocationSinkingPhase.cpp:
Location:
trunk
Files:
1 added
3 edited

  • trunk/JSTests/ChangeLog

    r238581 r238596  
     12018-11-27  Saam barati  <sbarati@apple.com>
     2
     3        r238510 broke scopes of size zero
     4        https://bugs.webkit.org/show_bug.cgi?id=192033
     5        <rdar://problem/46281734>
     6
     7        Reviewed by Keith Miller.
     8
     9        * stress/r238510-bad-loop.js: Added.
     10        (foo):
     11
    1122018-11-27  Mark Lam  <mark.lam@apple.com>
    213
  • trunk/Source/JavaScriptCore/ChangeLog

    r238595 r238596  
     12018-11-27  Saam barati  <sbarati@apple.com>
     2
     3        r238510 broke scopes of size zero
     4        https://bugs.webkit.org/show_bug.cgi?id=192033
     5        <rdar://problem/46281734>
     6
     7        Reviewed by Keith Miller.
     8
     9        In r238510, I wrote the loop like this:
     10        `for (ScopeOffset offset { 0 }; offset <= symbolTable->maxScopeOffset(); offset += 1)`
     11       
     12        This breaks for scopes of size zero because maxScopeOffset() will be UINT_MAX.
     13       
     14        This patch fixes this by writing the loop as:
     15        `for (unsigned offset = 0; offset < symbolTable->scopeSize(); ++offset)`
     16
     17        * dfg/DFGObjectAllocationSinkingPhase.cpp:
     18
    1192018-11-27  Mark Lam  <mark.lam@apple.com>
    220
  • trunk/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp

    r238510 r238596  
    879879                SymbolTable* symbolTable = node->castOperand<SymbolTable*>();
    880880                LazyNode initialValue(m_graph.freeze(node->initializationValueForActivation()));
    881                 for (ScopeOffset offset { 0 }; offset <= symbolTable->maxScopeOffset(); offset += 1) {
     881                for (unsigned offset = 0; offset < symbolTable->scopeSize(); ++offset) {
    882882                    writes.add(
    883                         PromotedLocationDescriptor(ClosureVarPLoc, offset.offset()),
     883                        PromotedLocationDescriptor(ClosureVarPLoc, offset),
    884884                        initialValue);
    885885                }
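
Review bot: In the new loop header the index is a raw `unsigned` passed straight to `PromotedLocationDescriptor(ClosureVarPLoc, offset)`, and nothing in the code records why the `ScopeOffset` / `maxScopeOffset()` form was dropped. A one-line comment above the `for` saying that `maxScopeOffset()` is UINT_MAX for an empty scope, so the bound must stay `< scopeSize()`, would keep a later cleanup from reintroducing the inclusive bound. `scopeSize()` is also re-evaluated on every iteration; hoisting it into a local before the loop would be a small tidy-up. Any other loop bounded by `<= maxScopeOffset()` would have the same empty-scope problem and is worth checking in the same pass.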