WebKit Bugzilla
Attachment 361364 Details for
Bug 194369
: [JSC] InitializeEntrypointArguments should produce SpecCellCheck if FlushFormat is FlushedCell
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-194369-20190206190327.patch (text/plain), 3.30 KB, created by
Yusuke Suzuki
on 2019-02-06 19:03:27 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2019-02-06 19:03:27 PST
Size:
3.30 KB
patch
obsolete
>Subversion Revision: 241111 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 9a9cc4423c16f6de8e7d5902c2aa2121578caf59..e5b1e4a4523aa95b3cf681e931223ff8a6e2adec 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,16 @@ >+2019-02-06 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] InitializeEntrypointArguments should produce SpecCellCheck if FlushFormat is FlushedCell >+ https://bugs.webkit.org/show_bug.cgi?id=194369 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ |this| is JS can be JSEmpty until super() is called due to TDZ. But InitializeEntrypointArguments says SpecCell >+ if the FlushFormat is FlushedCell. This proved type information removes necessary CheckNotEmpty in constant folding phase. >+ >+ * dfg/DFGAbstractInterpreterInlines.h: >+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): >+ > 2019-02-06 Devin Rousso <drousso@apple.com> > > Web Inspector: DOM: don't send the entire function string with each event listener >diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >index 7581a1a7746e9870e79f92e2178fbd2c9759226d..c756cbc00d355187120d971f79f76d426a0c1ed3 100644 >--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >+++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >@@ -341,7 +341,7 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimi > value.setNonCellType(SpecBoolean); > break; > case FlushedCell: >- value.setType(m_graph, SpecCell); >+ value.setType(m_graph, SpecCellCheck); > break; > case FlushedJSValue: > value.makeBytecodeTop(); >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index 7d774fcdabd06d76dbd240519d1875487dc55c5b..f9cbe5b2f4c93d315933414464ea841cfa8d2554 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,13 @@ >+2019-02-06 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] InitializeEntrypointArguments should produce SpecCellCheck if FlushFormat is FlushedCell >+ https://bugs.webkit.org/show_bug.cgi?id=194369 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/initialize-entrypoint-arguments-with-tdz.js: Added. >+ (A): >+ > 2019-02-06 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] PrivateName to PublicName hash table is wasteful >diff --git a/JSTests/stress/initialize-entrypoint-arguments-with-tdz.js b/JSTests/stress/initialize-entrypoint-arguments-with-tdz.js >new file mode 100644 >index 0000000000000000000000000000000000000000..9eac44173d8051484c770403520ba6efa438ba31 >--- /dev/null >+++ b/JSTests/stress/initialize-entrypoint-arguments-with-tdz.js >@@ -0,0 +1,26 @@ >+class A extends Object { >+ constructor(beforeSuper) { >+ let touchThis = () => { >+ try { >+ this.x = this.x; >+ } catch (e) { >+ } >+ try { >+ this.x = +this.x >+ } catch (e) { >+ } >+ }; >+ if (beforeSuper) { >+ touchThis(); >+ super(); >+ } else { >+ super(); >+ touchThis(); >+ } >+ } >+} >+ >+for (var i = 0; i < 10000; i++) { >+ new A(false); >+ new A(true); >+}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=361364">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194369
:
361364
|
361365
|
361366