Title: [207915] branches/safari-602-branch
- Revision
- 207915
- Author
- [email protected]
- Date
- 2016-10-26 16:17:44 -0700 (Wed, 26 Oct 2016)
Log Message
Merge r207623. rdar://problem/28857477
Modified Paths
Added Paths
Diff
Modified: branches/safari-602-branch/JSTests/ChangeLog (207914 => 207915)
--- branches/safari-602-branch/JSTests/ChangeLog 2016-10-26 23:15:51 UTC (rev 207914)
+++ branches/safari-602-branch/JSTests/ChangeLog 2016-10-26 23:17:44 UTC (rev 207915)
@@ -1,3 +1,19 @@
+2016-10-24 Matthew Hanson <[email protected]>
+
+ Merge r207623. rdar://problem/28857477
+
+ 2016-10-20 Keith Miller <[email protected]>
+
+ Invalid assertion in arguments elimination
+ https://bugs.webkit.org/show_bug.cgi?id=163740
+ <rdar://problem/27911462>
+
+ Reviewed by Michael Saboff.
+
+ * stress/direct-arguments-osr-entry.js: Added.
+ (foo.):
+ (foo):
+
2016-10-12 Matthew Hanson <[email protected]>
Merge r206472. rdar://problem/28545009
Added: branches/safari-602-branch/JSTests/stress/direct-arguments-osr-entry.js (0 => 207915)
--- branches/safari-602-branch/JSTests/stress/direct-arguments-osr-entry.js (rev 0)
+++ branches/safari-602-branch/JSTests/stress/direct-arguments-osr-entry.js 2016-10-26 23:17:44 UTC (rev 207915)
@@ -0,0 +1,22 @@
+// This tests that arguments elimination works with OSR entry.
+// We need to have an inner call so that arguments elimination
+// sees there are potential candidates.
+
+var args;
+
+function foo(a)
+{
+ args = arguments;
+ var result = 0;
+ for (var i = 0; i < 1000000; ++i) {
+ (function() {
+ return arguments[0];
+ })(42);
+ result += a;
+ }
+ return result;
+}
+
+noInline(foo);
+
+foo(42);
Modified: branches/safari-602-branch/Source/_javascript_Core/ChangeLog (207914 => 207915)
--- branches/safari-602-branch/Source/_javascript_Core/ChangeLog 2016-10-26 23:15:51 UTC (rev 207914)
+++ branches/safari-602-branch/Source/_javascript_Core/ChangeLog 2016-10-26 23:17:44 UTC (rev 207915)
@@ -1,3 +1,24 @@
+2016-10-24 Matthew Hanson <[email protected]>
+
+ Merge r207623. rdar://problem/28857477
+
+ 2016-10-20 Keith Miller <[email protected]>
+
+ Invalid assertion in arguments elimination
+ https://bugs.webkit.org/show_bug.cgi?id=163740
+ <rdar://problem/27911462>
+
+ Reviewed by Michael Saboff.
+
+ The DFGFTL's arguments elimination phase incorrectly asserted that a GetFromArguments' first
+ child would always be a CreateDirectArguments. While we only create the
+ op_get_from_arguments bytecode pointing to a create_direct_arguments, its possible for a
+ number of reasons that a DFG GetFromArguments may not point to a CreateDirectArguments. For
+ example, if we are OSR entering in some function with direct arguments the
+ CreateDirectArguments node might become ExtractOSREntryLocals.
+
+ * dfg/DFGArgumentsEliminationPhase.cpp:
+
2016-10-12 Matthew Hanson <[email protected]>
Merge r206955. rdar://problem/28216236
Modified: branches/safari-602-branch/Source/_javascript_Core/dfg/DFGArgumentsEliminationPhase.cpp (207914 => 207915)
--- branches/safari-602-branch/Source/_javascript_Core/dfg/DFGArgumentsEliminationPhase.cpp 2016-10-26 23:15:51 UTC (rev 207914)
+++ branches/safari-602-branch/Source/_javascript_Core/dfg/DFGArgumentsEliminationPhase.cpp 2016-10-26 23:17:44 UTC (rev 207915)
@@ -169,7 +169,6 @@
for (Node* node : *block) {
switch (node->op()) {
case GetFromArguments:
- DFG_ASSERT(m_graph, node, node->child1()->op() == CreateDirectArguments);
break;
case GetByVal:
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
