Bug 140389

Summary: DFG can call PutByValDirect for generic arrays
Product: WebKit
Reporter: Yusuke Suzuki <ysuzuki>
Component: New Bugs
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, darin
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: none)

Description Yusuke Suzuki 2015-01-13 05:48:52 PST
DFG can call PutByValDirect for generic arrays

Comment 1 Yusuke Suzuki 2015-01-13 05:55:19 PST
Created attachment 244509
Patch

Comment 2 Yusuke Suzuki 2015-01-13 05:57:38 PST
Comment on attachment 244509
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=244509&action=review

Added comments.

> Source/JavaScriptCore/dfg/DFGOperations.cpp:-129
> -            asObject(baseValue)->putDirect(*vm, jsCast<NameInstance*>(property.asCell())->privateName(), value, slot);
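
Review bot: at DFGOperations.cpp:129 the NameInstance putDirect branch is deleted on the strength of an invariant that this line alone does not establish. Consider leaving an ASSERT at that spot that property is not a NameInstance, so that a later caller which breaks the guarantee fails in debug builds instead of silently taking whatever path follows.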

Looking at the code, when execution reaches here, property is guaranteed not to be a NameInstance.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2566
> +            DFG_ASSERT(m_jit.graph(), node, node->op() == PutByVal || node->op() == PutByValDirect);
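
Review bot: the DFG_ASSERT added at DFGSpeculativeJIT64.cpp:2566 checks only that the opcode is PutByVal or PutByValDirect; the quoted line does not show that the code after it selects the direct-put operation when node->op() is PutByValDirect and the ordinary put otherwise. Worth confirming that the selection is keyed on node->op(), and covering this path with a test that uses a computed property in an object initializer.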

PutByValDirect can use this path for computed properties in object initializers (ES6).

Comment 3 Geoffrey Garen 2015-01-13 11:36:03 PST
Comment on attachment 244509
Patch

r=me

Comment 4 WebKit Commit Bot 2015-01-13 12:18:09 PST
Comment on attachment 244509
Patch

Clearing flags on attachment: 244509

Committed r178370: <http://trac.webkit.org/changeset/178370>

Comment 5 WebKit Commit Bot 2015-01-13 12:18:12 PST
All reviewed patches have been landed. Closing bug.