EmptyValue is recognized as a PointerValue in 64bit mode
Escargot
- OS: Ubuntu 18.04 (x64)
Describe the bug
EmptyValue is recognized as a PointerValue in 64bit mode. In particular, Value::isPointerValue() returns true for EmptyValue.
Analysis
```cpp
// Current check: a value is a pointer whenever none of the tag bits are set.
inline bool Value::isPointerValue() const
{
    return !(u.asInt64 & TagMask);
}
```
EmptyValue holds 0 (null) as its raw value. Therefore the result of the `u.asInt64 & TagMask` operation is always zero (false), and isPointerValue() returns true.
If I simply fix the check code as follows, the Octane score drops by 20 points.
```cpp
// Candidate fix: additionally require a non-null pointer, so the all-zero EmptyValue is excluded.
inline bool Value::isPointerValue() const
{
    return !(u.asInt64 & TagMask) && u.ptr;
}
```
EmptyValue is not one of the JavaScript types; it is used only inside the Escargot engine to represent invalid values such as array holes, uninitialized values, etc. So there is no critical problem right now. But I am writing this issue to alert that PointerValue and EmptyValue should not be used together, or at least that the PointerValue check (isPointerValue) should not be called for EmptyValue. We may resolve this issue later.
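A minimal model of the check discussed above, added here as an illustration rather than taken from Escargot's source: the TagMask and int32 encoding are assumed stand-ins, not the engine's real constants. It shows the quoted check accepting the all-zero EmptyValue and the patched check rejecting it while still accepting a real pointer.

```cpp
#include <cstdint>
#include <cstdio>

// ASSUMED tagging scheme for illustration only (not Escargot's real constants):
// a value whose top 16 bits or bit 1 are set is a non-pointer (number, boolean, ...).
constexpr int64_t TagMask  = static_cast<int64_t>(0xffff000000000002ULL);
constexpr int64_t TagInt32 = static_cast<int64_t>(0xffff000000000000ULL);

struct Value {
    union {
        int64_t asInt64;
        void* ptr;
    } u;

    static Value empty() { Value v; v.u.asInt64 = 0; return v; }  // EmptyValue: all bits zero
    static Value fromPointer(void* p) { Value v; v.u.ptr = p; return v; }
    static Value fromInt32(int32_t i) {
        Value v;
        v.u.asInt64 = TagInt32 | static_cast<int64_t>(static_cast<uint32_t>(i));
        return v;
    }

    bool isEmpty() const { return u.asInt64 == 0; }
    // The check as quoted in the issue: no tag bits set -> "pointer", so EmptyValue passes too.
    bool isPointerValueOriginal() const { return !(u.asInt64 & TagMask); }
    // The patched check from the issue: additionally require a non-null pointer.
    bool isPointerValueFixed() const { return !(u.asInt64 & TagMask) && u.ptr; }
};

static int sampleObject;                          // stands in for a heap-allocated engine object
void* sampleObjectAddress() { return &sampleObject; }

// True when the original check misclassifies EmptyValue as a PointerValue (the reported bug).
bool originalCheckAcceptsEmpty() { return Value::empty().isPointerValueOriginal(); }

// True when the patched check rejects EmptyValue but still accepts a real pointer.
bool fixedCheckSeparatesEmptyFromPointer() {
    return !Value::empty().isPointerValueFixed()
        && Value::fromPointer(sampleObjectAddress()).isPointerValueFixed();
}

int main() {
    std::printf("EmptyValue passes original isPointerValue: %s\n",
                originalCheckAcceptsEmpty() ? "yes" : "no");
    std::printf("Patched check distinguishes EmptyValue from pointers: %s\n",
                fixedCheckSeparatesEmptyFromPointer() ? "yes" : "no");
    return 0;
}
```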