[webkit-changes] [195713] branches/safari-601-branch/Source/JavaScriptCore

Wed, 27 Jan 2016 17:33:48 -0800

Title: [195713] branches/safari-601-branch/Source/_javascript_Core

Diff

Modified: branches/safari-601-branch/Source/_javascript_Core/ChangeLog (195712 => 195713)


--- branches/safari-601-branch/Source/_javascript_Core/ChangeLog	2016-01-28 01:14:15 UTC (rev 195712)
+++ branches/safari-601-branch/Source/_javascript_Core/ChangeLog	2016-01-28 01:34:00 UTC (rev 195713)
@@ -1,3 +1,25 @@
+2016-01-27  Matthew Hanson  <[email protected]>
+
+        Merge r193782. rdar://problem/24358367
+
+    2015-12-08  Filip Pizlo  <[email protected]>
+
+            DFG::UnificationPhase should merge isProfitableToUnbox, since this may have been set in ByteCodeParser
+            https://bugs.webkit.org/show_bug.cgi?id=152011
+            rdar://problem/23777875
+
+            Reviewed by Michael Saboff.
+
+            Previously UnificationPhase did not merge this because we used to only set this in FixupPhase, which runs after unification. But now
+            ByteCodeParser may set isProfitableToUnbox as part of how it handles the ArgumentCount of an inlined varargs call, so UnificationPhase
+            needs to merge it after unifying.
+
+            Also changed the order of unification since this makes the bug more obvious and easier to test.
+
+            * dfg/DFGUnificationPhase.cpp:
+            (JSC::DFG::UnificationPhase::run):
+            * tests/stress/varargs-with-unused-count.js: Added.
+
 2016-01-13  Matthew Hanson  <[email protected]>
 
         Merge r193939. rdar://problem/24154418

Modified: branches/safari-601-branch/Source/_javascript_Core/dfg/DFGUnificationPhase.cpp (195712 => 195713)


--- branches/safari-601-branch/Source/_javascript_Core/dfg/DFGUnificationPhase.cpp	2016-01-28 01:14:15 UTC (rev 195712)
+++ branches/safari-601-branch/Source/_javascript_Core/dfg/DFGUnificationPhase.cpp	2016-01-28 01:34:00 UTC (rev 195713)
@@ -60,8 +60,7 @@
                     if (!phi->children.child(childIdx))
                         break;
                     
-                    phi->variableAccessData()->unify(
-                        phi->children.child(childIdx)->variableAccessData());
+                    phi->children.child(childIdx)->variableAccessData()->unify(phi->variableAccessData());
                 }
             }
         }
@@ -74,6 +73,7 @@
             data->find()->mergeCheckArrayHoistingFailed(data->checkArrayHoistingFailed());
             data->find()->mergeShouldNeverUnbox(data->shouldNeverUnbox());
             data->find()->mergeIsLoadedFrom(data->isLoadedFrom());
+            data->find()->mergeIsProfitableToUnbox(data->isProfitableToUnbox());
         }
         
         m_graph.m_unificationState = GloballyUnified;

Added: branches/safari-601-branch/Source/_javascript_Core/tests/stress/varargs-with-unused-count.js (0 => 195713)


--- branches/safari-601-branch/Source/_javascript_Core/tests/stress/varargs-with-unused-count.js	                        (rev 0)
+++ branches/safari-601-branch/Source/_javascript_Core/tests/stress/varargs-with-unused-count.js	2016-01-28 01:34:00 UTC (rev 195713)
@@ -0,0 +1,23 @@
+function foo(p, q, r) {
+    while (r) {
+        if (p)
+            return 1;
+        else if (p)
+            return 2;
+        else
+            throw "error";
+    }
+}
+
+function bar() {
+    foo.apply(this, arguments);
+}
+
+function baz(a, b, c, d) {
+    bar(a, b, c, d);
+}
+
+noInline(baz);
+
+for (var i = 0; i < 10000; ++i)
+    baz(1, 2, 3, 4);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to