[webkit-changes] [WebKit/WebKit] 293d5d: [JSC] DFG String#charAt should support out-of-bounds

Tue, 27 Jun 2023 19:58:12 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 293d5d8cb3904456aa590d93825f4378bd104182
      
https://github.com/WebKit/WebKit/commit/293d5d8cb3904456aa590d93825f4378bd104182
  Author: Yusuke Suzuki <[email protected]>
  Date:   2023-06-27 (Tue, 27 Jun 2023)

  Changed paths:
    A JSTests/stress/string-charat-oob.js
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

  Log Message:
  -----------
  [JSC] DFG String#charAt should support out-of-bounds
https://bugs.webkit.org/show_bug.cgi?id=201678
rdar://111421698

Reviewed by Keith Miller.

This patch adds String#charAt OOB handling. Unlike `string[0]` case,
String#charAt always returns empty string when it is out-of-bounds index.
This is great since,

1. DFG AI just says it returns string regardless of whether it is OOB.
2. We do not need to consider OutOfBounds OSR exit. Let's just return empty 
string if it is OOB.

* JSTests/stress/string-charat-oob.js: Added.
(shouldBe):
(test):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAtImpl):

Canonical link: https://commits.webkit.org/265572@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to