[JSC] to_index_string should not assume incoming value is Uint32
author ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Apr 2019 23:33:05 +0000 (23:33 +0000)
committer ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Apr 2019 23:33:05 +0000 (23:33 +0000)
commit 362dfe71b87e088b21562118f87a615f8400c112
tree cd4ca7c8bc7eebc6171f1eea0a70ee064b065f52
parent 8a926c1715a72f4dec80086f6b40595ab9d09327
[JSC] to_index_string should not assume incoming value is Uint32
https://bugs.webkit.org/show_bug.cgi?id=196713

Reviewed by Saam Barati.

JSTests:

* stress/to-index-string-should-not-assume-incoming-value-is-uint32.js: Added.
(foo):

Source/JavaScriptCore:

The slow path of to_index_string assumes that the incoming value is Uint32. But we should not have
this assumption since DFG may decide we should have it in double format. This patch removes this
assumption, and instead, we should assume that the incoming value is AnyInt and the range of this
is within Uint32.

* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244057 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/to-index-string-should-not-assume-incoming-value-is-uint32.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp