-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=90026 <rdar://problem/11751830> Source/JavaScriptCore: Reviewed by Gavin Barraclough. For CSE on normal arrays, we now treat PutByVal as impure. This does not appear to affect performance by much. For CSE on typed arrays, we fix PutByValAlias by making GetByVal speculate that the access is within bounds. This also has the effect of making our out-of-bounds handling consistent with WebCore. * dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::performNodeCSE): * dfg/DFGGraph.h: (JSC::DFG::Graph::byValIsPure): (JSC::DFG::Graph::clobbersWorld): * dfg/DFGNodeType.h: (DFG): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): LayoutTests: Reviewed by Gavin Barraclough. * fast/js/dfg-put-by-val-setter-then-get-by-val-expected.txt: Added. * fast/js/dfg-put-by-val-setter-then-get-by-val.html: Added. * fast/js/dfg-uint8clampedarray-out-of-bounds-put-by-val-alias-expected.txt: Added. * fast/js/dfg-uint8clampedarray-out-of-bounds-put-by-val-alias.html: Added. * fast/js/script-tests/dfg-put-by-val-setter-then-get-by-val.js: Added. (foo): (for): * fast/js/script-tests/dfg-uint8clampedarray-out-of-bounds-put-by-val-alias.js: Added. (foo): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121307 268f45cc-cd09-0410-ab3c-d52691b4dbfc
580d9d77