Changeset 265112 in webkit
- Timestamp:
- Jul 30, 2020 3:17:10 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/stress/invalidate-array-iterator-prototype-next.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r265090 r265112 1 2020-07-30 Caio Lima <ticaiolima@gmail.com> 2 3 [JSC][32-bits] interator_next should check for EmptyValue instead of undefined to execute LLInt fast path 4 https://bugs.webkit.org/show_bug.cgi?id=214963 5 6 Reviewed by Yusuke Suzuki. 7 8 * stress/invalidate-array-iterator-prototype-next.js: Added. 9 1 10 2020-07-30 Yusuke Suzuki <ysuzuki@apple.com> 2 11 -
trunk/Source/JavaScriptCore/ChangeLog
r265097 r265112 1 2020-07-30 Caio Lima <ticaiolima@gmail.com> 2 3 [JSC][32-bits] interator_next should check for EmptyValue instead of undefined to execute LLInt fast path 4 https://bugs.webkit.org/show_bug.cgi?id=214963 5 6 Reviewed by Yusuke Suzuki. 7 8 There was a bug in previous implementation that allows execution of 9 `interator_next` fast path if we set ArrayIterator.prototype.next to 10 0. This happened because we were not properly checking `ValueEmpty` 11 from `m_next`. This patch is fixing such issue and doing the proper 12 verification. 13 14 * llint/LowLevelInterpreter32_64.asm: 15 1 16 2020-07-30 Saam Barati <sbarati@apple.com> 2 17 -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
r265036 r265112 2770 2770 2771 2771 loadVariable(get, m_next, t0, t1, t0) 2772 bieq t1, UndefinedTag, .iteratorNextGeneric 2773 btinz t0, .iteratorNextGeneric 2772 bineq t1, EmptyValueTag, .iteratorNextGeneric 2774 2773 2775 2774 macro fastNarrow()
Note: See TracChangeset
for help on using the changeset viewer.
