r238510 broke scopes of size zero
author sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Nov 2018 02:03:20 +0000 (02:03 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Nov 2018 02:03:20 +0000 (02:03 +0000)
commit cb06e24623b97a345c6073f2abdfa713c61b8519
tree 1aab1cdad9fb64088cb214d7635aeb9509543574
parent 1cd30cccbe07e5fb96da1d5270f8ba4ac2072f33
r238510 broke scopes of size zero
https://bugs.webkit.org/show_bug.cgi?id=192033
<rdar://problem/46281734>

Reviewed by Keith Miller.

JSTests:

* stress/r238510-bad-loop.js: Added.
(foo):

Source/JavaScriptCore:

In r238510, I wrote the loop like this:
`for (ScopeOffset offset { 0 }; offset <= symbolTable->maxScopeOffset(); offset += 1)`

This breaks for scopes of size zero because maxScopeOffset() will be UINT_MAX.

This patch fixes this by writing the loop as:
`for (unsigned offset = 0; offset < symbolTable->scopeSize(); ++offset)`

* dfg/DFGObjectAllocationSinkingPhase.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238596 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/r238510-bad-loop.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp
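
The two loop shapes from the commit message, compared in an added example that is not WebKit code. `ToySymbolTable`, `LoopResult`, and the iteration cap are hypothetical; the table only models the stated behaviour that `maxScopeOffset()` is UINT_MAX for a scope of size zero.

```cpp
#include <climits>
#include <cstdio>

// Hypothetical stand-in for a symbol table; not JavaScriptCore's class.
struct ToySymbolTable {
    unsigned size;
    unsigned scopeSize() const { return size; }
    // Assumption: an empty scope reports UINT_MAX, as the commit message states.
    unsigned maxScopeOffset() const { return size ? size - 1 : UINT_MAX; }
};

struct LoopResult {
    unsigned long long iterations; // loop bodies executed
    unsigned long long outOfRange; // visited offsets that are >= scopeSize()
    bool hitCap;                   // true if the safety cap stopped the loop
};

// Inclusive bound, the shape used in r238510. The cap exists only so the
// demonstration terminates: `offset <= UINT_MAX` is always true for unsigned.
LoopResult inclusiveLoop(const ToySymbolTable& t, unsigned long long cap)
{
    LoopResult r { 0, 0, false };
    for (unsigned offset = 0; offset <= t.maxScopeOffset(); offset += 1) {
        if (r.iterations == cap) { r.hitCap = true; break; }
        ++r.iterations;
        if (offset >= t.scopeSize()) ++r.outOfRange;
    }
    return r;
}

// Exclusive bound on scopeSize(), the shape used in the fix.
LoopResult exclusiveLoop(const ToySymbolTable& t, unsigned long long cap)
{
    LoopResult r { 0, 0, false };
    for (unsigned offset = 0; offset < t.scopeSize(); ++offset) {
        if (r.iterations == cap) { r.hitCap = true; break; }
        ++r.iterations;
        if (offset >= t.scopeSize()) ++r.outOfRange;
    }
    return r;
}

int main()
{
    const unsigned sizes[] = { 0, 3 }; // constructed sample scope sizes
    for (unsigned s : sizes) {
        LoopResult a = inclusiveLoop(ToySymbolTable { s }, 1000);
        LoopResult b = exclusiveLoop(ToySymbolTable { s }, 1000);
        std::printf("size=%u inclusive: iters=%llu oob=%llu capped=%d | exclusive: iters=%llu\n",
            s, a.iterations, a.outOfRange, a.hitCap, b.iterations);
    }
}
```

For non-empty scopes both loops visit the same offsets; only the size-zero case diverges, which is why a regression test for the empty scope is the useful one.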