Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 38c024bb251e05a3c3f6f08ed5a02de68c24b1b1
https://github.com/WebKit/WebKit/commit/38c024bb251e05a3c3f6f08ed5a02de68c24b1b1
Author: Yusuke Suzuki <[email protected]>
Date: 2026-02-23 (Mon, 23 Feb 2026)
Changed paths:
A JSTests/stress/heap-bigint-dfg-ftl-arith-bitwise-compare.js
A JSTests/stress/heap-bigint-dfg-ftl-inc-dec.js
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGGraph.h
M Source/JavaScriptCore/dfg/DFGOperations.cpp
M Source/JavaScriptCore/dfg/DFGOperations.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
[JSC] Better HeapBigIntUse speculation in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=308406
rdar://170895703
Reviewed by Yijia Huang.
This patch adds HeapBigIntUse specialization for comparisons.
Also, we add unaryArithShouldSpeculateHeapBigInt /
binaryArithShouldSpeculateHeapBigInt.
They are tolerant against Other (null / undefined) pollutions and
putting HeapBigIntUse in a better manner.
Tests: JSTests/stress/heap-bigint-dfg-ftl-arith-bitwise-compare.js
JSTests/stress/heap-bigint-dfg-ftl-inc-dec.js
* JSTests/stress/heap-bigint-dfg-ftl-arith-bitwise-compare.js: Added.
(testAdd):
(testSub):
(testMul):
(testDiv):
(testMod):
(testBitAnd):
(testBitOr):
(testBitXor):
(testBitLShift):
(testBitRShift):
(testBitNot):
(testLess):
(testLessEq):
(testGreater):
(testGreaterEq):
(testEq):
(testStrictEq):
* JSTests/stress/heap-bigint-dfg-ftl-inc-dec.js: Added.
(testInc):
(testDec):
(testPostInc):
(testPostDec):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupToThis):
(JSC::DFG::FixupPhase::fixupToNumberOrToNumericOrCallNumberConstructor):
(JSC::DFG::FixupPhase::fixupCompareStrictEqAndSameValue):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
Canonical link: https://commits.webkit.org/308054@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
