[webkit-reviews] review granted: [Bug 176317] typeCheckHoistingPhase may emit a CheckStructure on the empty value which leads to a dereference of zero on 64 bit platforms : [Attachment 319861] patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 4 20:13:20 PDT 2017


Keith Miller <keith_miller at apple.com> has granted Saam Barati
<sbarati at apple.com>'s request for review:
Bug 176317: typeCheckHoistingPhase may emit a CheckStructure on the empty value
which leads to a dereference of zero on 64 bit platforms
https://bugs.webkit.org/show_bug.cgi?id=176317

Attachment 319861: patch

https://bugs.webkit.org/attachment.cgi?id=319861&action=review




--- Comment #10 from Keith Miller <keith_miller at apple.com> ---
Comment on attachment 319861
  --> https://bugs.webkit.org/attachment.cgi?id=319861
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=319861&action=review

r=me with some comments.

> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:2370
> +	   // We rely on constant folding to CheckStructure to do the heavy
lifting

Typo: "We rely on constant folding to CheckStructure" => "We rely on (the?)
constant folding of CheckStructure"

Also, what's the reason to not do the conversion to CheckStructure here?

