Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e7aeca7171e3be024a2efdc2eeddb55a9d9ba82b
      
https://github.com/WebKit/WebKit/commit/e7aeca7171e3be024a2efdc2eeddb55a9d9ba82b
  Author: Sosuke Suzuki <[email protected]>
  Date:   2024-09-26 (Thu, 26 Sep 2024)

  Changed paths:
    A JSTests/stress/array-prototype-concat-species.js
    M Source/JavaScriptCore/builtins/ArrayPrototype.js
    M Source/JavaScriptCore/builtins/BuiltinNames.h
    M Source/JavaScriptCore/bytecode/LinkTimeConstant.h
    M Source/JavaScriptCore/runtime/ArrayPrototype.cpp
    M Source/JavaScriptCore/runtime/ArrayPrototype.h
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp

  Log Message:
  -----------
  [JSC] Check if the species watchpoint is valid before `array.concat()` fast 
path
https://bugs.webkit.org/show_bug.cgi?id=280381

Reviewed by Yusuke Suzuki.

The Array.prototype.concat test262 started failing due to 
https://commits.webkit.org/284060@main.
This was because the species check was not performed before entering the fast 
path.

This patch changes to check whether the Array's species watchpoint is valid 
before entering the fast
path.

According to microbenchmarks, there seems to be no performance regression 
caused by this patch:

                                                  TipOfTree                  
Patched

array-prototype-concat-copy-obj                 1.2244+-0.2875     ?      
1.2272+-0.2899        ?
array-prototype-concat-copy-double-and-int32
                                                1.2631+-0.1158     ?      
1.3107+-0.0959        ? might be 1.0377x slower
array-prototype-concat-copy-double              1.2239+-0.2762            
1.0875+-0.1126          might be 1.1254x faster
array-prototype-concat-copy-int32               1.1629+-0.2731            
1.1406+-0.2677          might be 1.0196x faster

<geometric>                                     1.2119+-0.1094            
1.1832+-0.0463          might be 1.0243x faster

* JSTests/stress/array-prototype-concat-species.js: Added.
(shouldBe):
(Constructor):
* Source/JavaScriptCore/builtins/ArrayPrototype.js:
(concat):
* Source/JavaScriptCore/builtins/BuiltinNames.h:
* Source/JavaScriptCore/bytecode/LinkTimeConstant.h:
* Source/JavaScriptCore/runtime/ArrayPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/ArrayPrototype.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):

Canonical link: https://commits.webkit.org/284330@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to