[webkit-reviews] review granted: [Bug 233408] FTL's implementation of HasIndexedProperty for InBounds accesses checks the inverse of what it should be checking when exiting by seeing a hole : [Attachment 445343] patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 29 14:30:12 PST 2021
Mark Lam <mark.lam at apple.com> has granted Saam Barati <sbarati at apple.com>'s
request for review:
Bug 233408: FTL's implementation of HasIndexedProperty for InBounds accesses
checks the inverse of what it should be checking when exiting by seeing a hole
https://bugs.webkit.org/show_bug.cgi?id=233408
Attachment 445343: patch
https://bugs.webkit.org/attachment.cgi?id=445343&action=review
--- Comment #4 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 445343
--> https://bugs.webkit.org/attachment.cgi?id=445343
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=445343&action=review
r=me with fix.
> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:13398
>
m_out.notZero64(m_out.load64(baseIndex(m_heaps.ArrayStorage_vector, storage,
index, m_graph.varArgChild(m_node, 1))));
Shouldn't this be `isZero64` instead?
More information about the webkit-reviews
mailing list