
EmptyValue is recognized as a PointerValue in 64bit mode

Open clover2123 opened this issue 4 years ago • 0 comments

Escargot

  • OS: Ubuntu 18.04 (x64)

Describe the bug

EmptyValue is recognized as a PointerValue in 64bit mode. In particular, Value::isPointerValue() returns true for EmptyValue.

Analysis

inline bool Value::isPointerValue() const
{
    return !(u.asInt64 & TagMask);
}

EmptyValue itself has the value 0 (null). Therefore the result of the u.asInt64 & TagMask operation is always false and isPointerValue() returns true. If I simply fix the check code as follows, the Octane score drops by 20 points.

inline bool Value::isPointerValue() const
{
    return !(u.asInt64 & TagMask) && u.ptr;
}

EmptyValue is not one of the JavaScript types and is used only inside the Escargot engine to represent invalid values such as array holes, uninitialized values, etc. So there is no critical problem right now. But I am writing this issue to warn that PointerValue and EmptyValue should not be used together. Or at least, the PointerValue check (isPointerValue) should not be called for EmptyValue. We may resolve this issue later.

clover2123 Jan 22 '20 11:01
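
The misclassification described in this issue, as an added example that is not part of the original issue and is not Escargot's code: a simplified C++ model of a tagged 64-bit value, showing the tag-only check accepting the all-zero empty pattern, the null-guarded check rejecting it, and a caller-side ordering that tests for empty first. ModelValue, classify and the tag constants are hypothetical names and constructed values.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed constants for a simplified model; NOT Escargot's real encoding.
constexpr uint64_t kNumberTag = 0xffff000000000000ULL; // any high bit set: number
constexpr uint64_t kOtherTag = 0x2ULL;                 // low tag bit: other immediates
constexpr uint64_t kTagMask = kNumberTag | kOtherTag;

struct ModelValue { // hypothetical stand-in for Value
    uint64_t bits;

    static ModelValue empty() { return ModelValue{0}; } // all-zero sentinel, as in the issue
    static ModelValue fromInt(int32_t i) { return ModelValue{kNumberTag | static_cast<uint32_t>(i)}; }
    static ModelValue fromPointer(const void* p) { return ModelValue{reinterpret_cast<uintptr_t>(p)}; }

    bool isEmpty() const { return bits == 0; }
    // Same shape as the check quoted in the issue: only tag bits are examined.
    bool isPointerLoose() const { return !(bits & kTagMask); }
    // Same shape as the issue's second snippet: also rejects the zero pattern.
    bool isPointerStrict() const { return !(bits & kTagMask) && bits != 0; }
};

enum class Kind { Empty, Pointer, Immediate };

// Caller-side ordering: rule out the empty sentinel before the pointer test,
// so the tag-only check is never asked about an empty value.
Kind classify(ModelValue v)
{
    if (v.isEmpty()) return Kind::Empty;
    if (v.isPointerLoose()) return Kind::Pointer;
    return Kind::Immediate;
}

int main()
{
    static long long cell = 0; // stands in for a heap object (8-byte aligned)
    const ModelValue samples[] = { ModelValue::empty(), ModelValue::fromInt(7), ModelValue::fromPointer(&cell) };
    const char* names[] = { "empty", "int 7", "pointer" };
    for (int i = 0; i < 3; i++) {
        const ModelValue& v = samples[i];
        std::printf("%-8s loose=%d strict=%d kind=%d\n", names[i], v.isPointerLoose(),
                    v.isPointerStrict(), static_cast<int>(classify(v)));
    }
    return 0;
}
```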