Title: [228457] branches/safari-605-branch

Diff

Modified: branches/safari-605-branch/JSTests/ChangeLog (228456 => 228457)


--- branches/safari-605-branch/JSTests/ChangeLog	2018-02-14 06:05:22 UTC (rev 228456)
+++ branches/safari-605-branch/JSTests/ChangeLog	2018-02-14 06:05:25 UTC (rev 228457)
@@ -1,3 +1,19 @@
+2018-02-13  Jason Marcell  <jmarc...@apple.com>
+
+        Cherry-pick r228401. rdar://problem/37521078
+
+    2018-02-12  Saam Barati  <sbar...@apple.com>
+
+            DFG::emitCodeToGetArgumentsArrayLength needs to handle NewArrayBuffer/PhantomNewArrayBuffer
+            https://bugs.webkit.org/show_bug.cgi?id=182706
+            <rdar://problem/36833681>
+
+            Reviewed by Filip Pizlo.
+
+            * stress/get-array-length-phantom-new-array-buffer.js: Added.
+            (effects):
+            (foo):
+
 2018-02-06  Jason Marcell  <jmarc...@apple.com>
 
         Cherry-pick r228193. rdar://problem/37292950

Added: branches/safari-605-branch/JSTests/stress/get-array-length-phantom-new-array-buffer.js (0 => 228457)


--- branches/safari-605-branch/JSTests/stress/get-array-length-phantom-new-array-buffer.js	                        (rev 0)
+++ branches/safari-605-branch/JSTests/stress/get-array-length-phantom-new-array-buffer.js	2018-02-14 06:05:25 UTC (rev 228457)
@@ -0,0 +1,14 @@
+function effects() {}
+noInline(effects);
+
+function foo() {
+    let x = [1,2,3];
+    effects();
+    return x.length;
+}
+noInline(foo);
+
+for (let i = 0; i < 100000; ++i) {
+    if (foo() !== 3)
+        throw new Error();
+}
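Review bot: The failure path at `throw new Error();` inside the loop carries no message, so a regression reports nothing about what `foo()` actually returned; store the result in a local and throw something like `new Error("bad length: " + result)`. The file name and body target only the phantom case with a single literal `[1,2,3]`, while the C++ change in this same commit accepts both NewArrayBuffer and PhantomNewArrayBuffer, so either add a second function aimed at the non-phantom op or note in the test why it is not covered separately.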

Modified: branches/safari-605-branch/Source/JavaScriptCore/ChangeLog (228456 => 228457)


--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-02-14 06:05:22 UTC (rev 228456)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-02-14 06:05:25 UTC (rev 228457)
@@ -1,3 +1,24 @@
+2018-02-13  Jason Marcell  <jmarc...@apple.com>
+
+        Cherry-pick r228401. rdar://problem/37521078
+
+    2018-02-12  Saam Barati  <sbar...@apple.com>
+
+            DFG::emitCodeToGetArgumentsArrayLength needs to handle NewArrayBuffer/PhantomNewArrayBuffer
+            https://bugs.webkit.org/show_bug.cgi?id=182706
+            <rdar://problem/36833681>
+
+            Reviewed by Filip Pizlo.
+
+            When we added support for PhantomNewArrayBuffer, we forgot to update
+            the emitCodeToGetArgumentsArrayLength function to handle PhantomNewArrayBuffer.
+            This patch adds that support. It's trivial to generate the length for
+            a PhantomNewArrayBuffer node since it's a constant buffer, with a constant
+            length.
+
+            * dfg/DFGArgumentsUtilities.cpp:
+            (JSC::DFG::emitCodeToGetArgumentsArrayLength):
+
 2018-02-06  Jason Marcell  <jmarc...@apple.com>
 
         Cherry-pick r228193. rdar://problem/37292950
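Review bot: The description paragraph explains only PhantomNewArrayBuffer ("we forgot to update ... to handle PhantomNewArrayBuffer"), but the entry title and the code change also add NewArrayBuffer. Add a sentence saying why the non-phantom op can reach emitCodeToGetArgumentsArrayLength, so a reader of the ChangeLog does not have to infer it from the diff.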

Modified: branches/safari-605-branch/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp (228456 => 228457)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsUtilities.cpp	2018-02-14 06:05:22 UTC (rev 228456)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsUtilities.cpp	2018-02-14 06:05:25 UTC (rev 228457)
@@ -65,9 +65,15 @@
     DFG_ASSERT(
         graph, arguments,
         arguments->op() == CreateDirectArguments || arguments->op() == CreateScopedArguments
-        || arguments->op() == CreateClonedArguments || arguments->op() == CreateRest
-        || arguments->op() == PhantomDirectArguments || arguments->op() == PhantomClonedArguments || arguments->op() == PhantomCreateRest,
+        || arguments->op() == CreateClonedArguments || arguments->op() == CreateRest || arguments->op() == NewArrayBuffer
+        || arguments->op() == PhantomDirectArguments || arguments->op() == PhantomClonedArguments
+        || arguments->op() == PhantomCreateRest || arguments->op() == PhantomNewArrayBuffer,
         arguments->op());
+
+    if (arguments->op() == NewArrayBuffer || arguments->op() == PhantomNewArrayBuffer) {
+        return insertionSet.insertConstant(
+            nodeIndex, origin, jsNumber(arguments->castOperand<JSFixedArray*>()->length()));
+    }
     
     InlineCallFrame* inlineCallFrame = arguments->origin.semantic.inlineCallFrame;
 
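Review bot: The new early return calls `arguments->castOperand<JSFixedArray*>()->length()` for both NewArrayBuffer and PhantomNewArrayBuffer with no comment stating why both ops are guaranteed to carry a JSFixedArray operand; a one-line comment recording that invariant would help, since the value is inserted as a constant length and anything consuming it will trust it. The two buffer ops are now named both in the DFG_ASSERT list and in the `if` that follows, so the lists can drift apart when another node type is added; consider handling the buffer ops first and keeping the assert for the remaining ops that go through the `inlineCallFrame` path.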