Title: [228401] trunk
Revision: 228401
Author: sbar...@apple.com
Date: 2018-02-12 15:41:17 -0800 (Mon, 12 Feb 2018)

Log Message

DFG::emitCodeToGetArgumentsArrayLength needs to handle NewArrayBuffer/PhantomNewArrayBuffer
https://bugs.webkit.org/show_bug.cgi?id=182706
<rdar://problem/36833681>

Reviewed by Filip Pizlo.

JSTests:

* stress/get-array-length-phantom-new-array-buffer.js: Added.
(effects):
(foo):

Source/JavaScriptCore:

When we added support for PhantomNewArrayBuffer, we forgot to update
the emitCodeToGetArgumentsArrayLength function to handle PhantomNewArrayBuffer.
This patch adds that support. It's trivial to generate the length for
a PhantomNewArrayBuffer node since it's a constant buffer, with a constant
length.

* dfg/DFGArgumentsUtilities.cpp:
(JSC::DFG::emitCodeToGetArgumentsArrayLength):

Diff

Modified: trunk/JSTests/ChangeLog (228400 => 228401)


--- trunk/JSTests/ChangeLog	2018-02-12 23:28:51 UTC (rev 228400)
+++ trunk/JSTests/ChangeLog	2018-02-12 23:41:17 UTC (rev 228401)
@@ -1,3 +1,15 @@
+2018-02-12  Saam Barati  <sbar...@apple.com>
+
+        DFG::emitCodeToGetArgumentsArrayLength needs to handle NewArrayBuffer/PhantomNewArrayBuffer
+        https://bugs.webkit.org/show_bug.cgi?id=182706
+        <rdar://problem/36833681>
+
+        Reviewed by Filip Pizlo.
+
+        * stress/get-array-length-phantom-new-array-buffer.js: Added.
+        (effects):
+        (foo):
+
 2018-02-09  Filip Pizlo  <fpi...@apple.com>
 
         Don't waste memory for error.stack

Added: trunk/JSTests/stress/get-array-length-phantom-new-array-buffer.js (0 => 228401)


--- trunk/JSTests/stress/get-array-length-phantom-new-array-buffer.js	                        (rev 0)
+++ trunk/JSTests/stress/get-array-length-phantom-new-array-buffer.js	2018-02-12 23:41:17 UTC (rev 228401)
@@ -0,0 +1,14 @@
+function effects() {}
+noInline(effects);
+
+function foo() {
+    let x = [1,2,3];
+    effects();
+    return x.length;
+}
+noInline(foo);
+
+for (let i = 0; i < 100000; ++i) {
+    if (foo() !== 3)
+        throw new Error();
+}
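
Review bot: the check at the bottom of the loop throws a bare Error() when foo() is not 3, so a failure in this stress test gives no hint of what length the compiled code actually returned; capture the result and put it in the message, e.g. throw new Error("bad length: " + result). The test also pins a single shape, a three-element literal that is only read through x.length and never passed out of foo, so a second function with a different literal length would make it harder for a wrong constant to pass by accident.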

Modified: trunk/Source/JavaScriptCore/ChangeLog (228400 => 228401)


--- trunk/Source/_javascript_Core/ChangeLog	2018-02-12 23:28:51 UTC (rev 228400)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-02-12 23:41:17 UTC (rev 228401)
@@ -1,3 +1,20 @@
+2018-02-12  Saam Barati  <sbar...@apple.com>
+
+        DFG::emitCodeToGetArgumentsArrayLength needs to handle NewArrayBuffer/PhantomNewArrayBuffer
+        https://bugs.webkit.org/show_bug.cgi?id=182706
+        <rdar://problem/36833681>
+
+        Reviewed by Filip Pizlo.
+
+        When we added support for PhantomNewArrayBuffer, we forgot to update
+        the emitCodeToGetArgumentsArrayLength function to handle PhantomNewArrayBuffer.
+        This patch adds that support. It's trivial to generate the length for
+        a PhantomNewArrayBuffer node since it's a constant buffer, with a constant
+        length.
+
+        * dfg/DFGArgumentsUtilities.cpp:
+        (JSC::DFG::emitCodeToGetArgumentsArrayLength):
+
 2018-02-12  Mark Lam  <mark....@apple.com>
 
         Add more support for pointer preparations.
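
Review bot: the description paragraph in this entry names only PhantomNewArrayBuffer, while the title line above it says NewArrayBuffer/PhantomNewArrayBuffer and the DFGArgumentsUtilities.cpp change accepts both opcodes. Add a sentence saying why a non-phantom NewArrayBuffer can reach emitCodeToGetArgumentsArrayLength, so the log matches what the code now allows.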

Modified: trunk/Source/JavaScriptCore/dfg/DFGArgumentsUtilities.cpp (228400 => 228401)


--- trunk/Source/_javascript_Core/dfg/DFGArgumentsUtilities.cpp	2018-02-12 23:28:51 UTC (rev 228400)
+++ trunk/Source/_javascript_Core/dfg/DFGArgumentsUtilities.cpp	2018-02-12 23:41:17 UTC (rev 228401)
@@ -65,9 +65,15 @@
     DFG_ASSERT(
         graph, arguments,
         arguments->op() == CreateDirectArguments || arguments->op() == CreateScopedArguments
-        || arguments->op() == CreateClonedArguments || arguments->op() == CreateRest
-        || arguments->op() == PhantomDirectArguments || arguments->op() == PhantomClonedArguments || arguments->op() == PhantomCreateRest,
+        || arguments->op() == CreateClonedArguments || arguments->op() == CreateRest || arguments->op() == NewArrayBuffer
+        || arguments->op() == PhantomDirectArguments || arguments->op() == PhantomClonedArguments
+        || arguments->op() == PhantomCreateRest || arguments->op() == PhantomNewArrayBuffer,
         arguments->op());
+
+    if (arguments->op() == NewArrayBuffer || arguments->op() == PhantomNewArrayBuffer) {
+        return insertionSet.insertConstant(
+            nodeIndex, origin, jsNumber(arguments->castOperand<JSFixedArray*>()->length()));
+    }
     
     InlineCallFrame* inlineCallFrame = arguments->origin.semantic.inlineCallFrame;
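
Review bot: the new early return after the DFG_ASSERT relies on castOperand<JSFixedArray*>() being valid for both NewArrayBuffer and PhantomNewArrayBuffer, and nothing in the hunk states that invariant or why the length can be folded to a constant here. A one-line comment above the if would record it. The accepted opcodes are also now spelled out twice, once in the nine-way || chain of the assertion and once in the branch condition; a switch on arguments->op() (or a small predicate shared by both) would keep the two lists from drifting the next time an opcode is added, which is the omission this change is fixing.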
 