Title: [222041] tags/Safari-605.1.6/Source/_javascript_Core

Diff

Modified: tags/Safari-605.1.6/Source/_javascript_Core/ChangeLog (222040 => 222041)


--- tags/Safari-605.1.6/Source/_javascript_Core/ChangeLog	2017-09-14 19:18:25 UTC (rev 222040)
+++ tags/Safari-605.1.6/Source/_javascript_Core/ChangeLog	2017-09-14 19:18:56 UTC (rev 222041)
@@ -1,3 +1,18 @@
+2017-09-14  Jason Marcell  <[email protected]>
+
+        Cherry-pick r222035. rdar://problem/34422397
+
+    2017-09-14  Yusuke Suzuki  <[email protected]>
+
+            [JSC] Disable Arity Fixup Inlining until crash in facebook.com is fixed
+            https://bugs.webkit.org/show_bug.cgi?id=176917
+
+            Reviewed by Saam Barati.
+
+            * dfg/DFGByteCodeParser.cpp:
+            (JSC::DFG::ByteCodeParser::inliningCost):
+            * runtime/Options.h:
+
 2017-09-12  Yusuke Suzuki  <[email protected]>
 
         [DFG] Optimize WeakMap::get by adding intrinsic and fixup

Modified: tags/Safari-605.1.6/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (222040 => 222041)


--- tags/Safari-605.1.6/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2017-09-14 19:18:25 UTC (rev 222040)
+++ tags/Safari-605.1.6/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2017-09-14 19:18:56 UTC (rev 222041)
@@ -1422,7 +1422,7 @@
         addToGraph(Phantom, get(virtualRegisterForArgument(i, registerOffset)));
 }
 
-unsigned ByteCodeParser::inliningCost(CallVariant callee, int, InlineCallFrame::Kind kind)
+unsigned ByteCodeParser::inliningCost(CallVariant callee, int argumentCountIncludingThis, InlineCallFrame::Kind kind)
 {
     CallMode callMode = InlineCallFrame::callModeFor(kind);
     CodeSpecializationKind specializationKind = specializationKindFor(callMode);
@@ -1456,6 +1456,15 @@
         return UINT_MAX;
     }
 
+
+    if (!Options::useArityFixupInlining()) {
+        if (codeBlock->numParameters() > argumentCountIncludingThis) {
+            if (DFGByteCodeParserInternal::verbose)
+                dataLog("    Failing because of arity mismatch.\n");
+            return UINT_MAX;
+        }
+    }
+
     CapabilityLevel capabilityLevel = inlineFunctionForCapabilityLevel(
         codeBlock, specializationKind, callee.isClosureCall());
     if (DFGByteCodeParserInternal::verbose) {
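Review bot: The arity guard added at `if (!Options::useArityFixupInlining()) {` has no comment marking it as a temporary workaround, so nothing in the code ties it to the crash it is meant to avoid or tells a later reader when it can be removed. I would put `// FIXME: Arity fixup inlining is disabled until the crash tracked in https://bugs.webkit.org/show_bug.cgi?id=176917 is fixed.` above it and fold the two nested conditions into one, `if (!Options::useArityFixupInlining() && codeBlock->numParameters() > argumentCountIncludingThis) {`. The second blank line in front of the guard is stray and can go. The body of inliningCost starts and ends outside this hunk, and the return type of numParameters() is not visible here, so it is worth confirming that the comparison with the `int` argument count does not mix signed and unsigned operands.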

Modified: tags/Safari-605.1.6/Source/_javascript_Core/runtime/Options.h (222040 => 222041)


--- tags/Safari-605.1.6/Source/_javascript_Core/runtime/Options.h	2017-09-14 19:18:25 UTC (rev 222040)
+++ tags/Safari-605.1.6/Source/_javascript_Core/runtime/Options.h	2017-09-14 19:18:56 UTC (rev 222041)
@@ -257,6 +257,7 @@
     v(bool, useMovHintRemoval, true, Normal, nullptr) \
     v(bool, usePutStackSinking, true, Normal, nullptr) \
     v(bool, useObjectAllocationSinking, true, Normal, nullptr) \
+    v(bool, useArityFixupInlining, false, Normal, nullptr) \
     v(bool, logExecutableAllocation, false, Normal, nullptr) \
     \
     v(bool, useConcurrentJIT, true, Normal, "allows the DFG / FTL compilation in threads other than the executing JS thread") \
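Review bot: The added `useArityFixupInlining` entry passes `nullptr` where `useConcurrentJIT` two lines below carries a description string, so the option itself gives no hint that it gates a DFG feature switched off because of a crash. A short description would help anyone deciding whether to flip it, for example `v(bool, useArityFixupInlining, false, Normal, "allows the DFG to inline calls that need arity fixup; off until bug 176917 is fixed") \`. The entry is declared `Normal` like its neighbours, so it is presumably overridable in the same way they are. That leaves the `false` default as the only thing keeping the crashing path disabled, which is worth stating next to the flag.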