Title: [226254] trunk/Source/JavaScriptCore
Revision: 226254
Author: sbar...@apple.com
Date: 2017-12-21 19:05:18 -0800 (Thu, 21 Dec 2017)

Log Message

lowering get_by_val to GetById inside bytecode parser should check for BadType exit kind
https://bugs.webkit.org/show_bug.cgi?id=181112

Reviewed by Mark Lam.

The React subtest in Speedometer has a get_by_val it always converts
into a GetById in the DFG. This GetById always exits because the incoming
identifier is a rope. This patch fixes this infinite exit loop
by only doing this transformation if we haven't exited due to BadType.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (226253 => 226254)


--- trunk/Source/_javascript_Core/ChangeLog	2017-12-22 02:17:58 UTC (rev 226253)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-12-22 03:05:18 UTC (rev 226254)
@@ -1,3 +1,18 @@
+2017-12-21  Saam Barati  <sbar...@apple.com>
+
+        lowering get_by_val to GetById inside bytecode parser should check for BadType exit kind
+        https://bugs.webkit.org/show_bug.cgi?id=181112
+
+        Reviewed by Mark Lam.
+
+        The React subtest in Speedometer has a get_by_val it always converts
+        into a GetById in the DFG. This GetById always exits because of the incoming
+        identifier is a rope. This patch fixes this infinite exit loop
+        by only doing this transformation if we haven't exited due to BadType.
+
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+
 2017-12-21  Mark Lam  <mark....@apple.com>
 
         Add WTF::PoisonedUniquePtr to replace std::unique_ptr when poisoning is desired.
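
Review bot: The entry describes an infinite exit loop seen in the React subtest in Speedometer, yet the only source file it lists is dfg/DFGByteCodeParser.cpp, so no regression test accompanies the fix. A small test in which a get_by_val is reached repeatedly with a rope as the key would keep this from regressing; if that is impractical, the entry should say so. Minor wording in the description: "because of the incoming identifier is a rope" should read "because the incoming identifier is a rope".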

Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (226253 => 226254)


--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2017-12-22 02:17:58 UTC (rev 226253)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2017-12-22 03:05:18 UTC (rev 226254)
@@ -4875,7 +4875,12 @@
                 ByValInfo* byValInfo = m_inlineStackTop->m_byValInfos.get(CodeOrigin(currentCodeOrigin().bytecodeIndex));
                 // FIXME: When the bytecode is not compiled in the baseline JIT, byValInfo becomes null.
                 // At that time, there is no information.
-                if (byValInfo && byValInfo->stubInfo && !byValInfo->tookSlowPath && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadIdent) && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCell)) {
+                if (byValInfo
+                    && byValInfo->stubInfo
+                    && !byValInfo->tookSlowPath
+                    && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadIdent)
+                    && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadType)
+                    && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCell)) {
                     compiledAsGetById = true;
                     identifierNumber = m_graph.identifiers().ensure(byValInfo->cachedId.impl());
                     UniquedStringImpl* uid = m_graph.identifiers()[identifierNumber];
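
Review bot: The new BadType term in the reflowed condition has no comment explaining why it is needed; the reason (the GetById keeps exiting when the incoming identifier is a rope) is recorded only in the ChangeLog. A one-line comment above the if, next to the existing FIXME, would keep the rationale with the code. Also, hasExitSite(m_currentIndex, BadType) is keyed only on the bytecode index and the exit kind, so any BadType exit recorded at this index turns off the GetById lowering, not only one caused by the key operand. That is the conservative choice, but it is worth stating in the comment so a later reader does not narrow it by accident.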
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
