Skip to content
  • oliver@apple.com's avatar
    fourthTier: DFG should't exit just because it GetByVal'd a big character · 63af2d44
    oliver@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=117899
    
    Source/JavaScriptCore:
    
    Reviewed by Mark Hahnenberg.
    
    Add a slow path. Also clarify handling of GetByVal in PutStructure elimination.
    Previously it would fail due to canExit() but now we can also fail because
    GetByVal(String) can allocate. Just make it so GetByVal is totally poisoned, in
    a very explicit way.
    
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::putStructureStoreElimination):
    * dfg/DFGOperations.cpp:
    * dfg/DFGOperations.h:
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
    * dfg/DFGSpeculativeJIT.h:
    (JSC::DFG::SpeculativeJIT::callOperation):
    (SpeculativeJIT):
    
    LayoutTests:
    
    Reviewed by Mark Hahnenberg.
    
    This benchmark speeds up by 3x.
    
    * fast/js/regress/script-tests/string-get-by-val-big-char.js: Added.
    (foo):
    * fast/js/regress/string-get-by-val-big-char-expected.txt: Added.
    * fast/js/regress/string-get-by-val-big-char.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153241 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    63af2d44