Changeset 240681 in webkit for trunk/Source/JavaScriptCore
- Timestamp:
- Jan 29, 2019, 2:04:47 PM (6 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
bytecode/ValueRecovery.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r240679 r240681 1 2019-01-29 Mark Lam <[email protected]> 2 3 ValueRecovery::recover() should purify NaN values it recovers. 4 https://bugs.webkit.org/show_bug.cgi?id=193978 5 <rdar://problem/47625488> 6 7 Reviewed by Saam Barati. 8 9 According to DFG::OSRExit::executeOSRExit() and DFG::OSRExit::compileExit(), 10 recovered DoubleDisplacedInJSStack values need to be purified. 11 ValueRecovery::recover() should do the same. 12 13 * bytecode/ValueRecovery.cpp: 14 (JSC::ValueRecovery::recover const): 15 1 16 2019-01-29 Yusuke Suzuki <[email protected]> 2 17 -
trunk/Source/JavaScriptCore/bytecode/ValueRecovery.cpp
r189192 r240681 1 1 /* 2 * Copyright (C) 2011 , 2013, 2015Apple Inc. All rights reserved.2 * Copyright (C) 2011-2019 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 44 44 return jsNumber(exec->r(virtualRegister().offset()).unboxedStrictInt52()); 45 45 case DoubleDisplacedInJSStack: 46 return jsNumber( exec->r(virtualRegister().offset()).unboxedDouble());46 return jsNumber(purifyNaN(exec->r(virtualRegister().offset()).unboxedDouble())); 47 47 case CellDisplacedInJSStack: 48 48 return exec->r(virtualRegister().offset()).unboxedCell();
Note:
See TracChangeset
for help on using the changeset viewer.
