Bug 193483

Summary: StringObjectUse should not be a structure check for the original string object structure
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, mcatanzaro, msaboff, rmorisset, ticaiolima, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch
ysuzuki: review+
patch for landing none

Saam Barati
Reported 2019-01-15 19:45:33 PST
This is probably buggy, and goes against how we use UseKinds elsewhere. We should figure out the handful of places that actually rely on this behavior and have them emit a CheckStructure. And then change StringObjectUse to just mean that the thing has StringObject classInfo.
Attachments
patch (35.69 KB, patch)
2019-01-16 23:16 PST, Saam Barati 		ysuzuki: review+
DetailsFormatted DiffDiff
patch for landing (35.71 KB, patch)
2019-01-17 00:11 PST, Saam Barati 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2019-01-16 22:52:45 PST
<rdar://problem/47280522>
Saam Barati
Comment 2 2019-01-16 23:16:08 PST
Created attachment 359354 [details] patch
Yusuke Suzuki
Comment 3 2019-01-16 23:33:24 PST
Comment on attachment 359354 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=359354&action=review r=me with FTL fixes > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6335 > + LValue type = m_out.load32(cell, m_heaps.JSCell_typeInfoType); load8ZeroExt32? > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:16068 > + LValue type = m_out.load32(cellBase, m_heaps.JSCell_typeInfoType); Ditto. > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:16088 > + LValue type = m_out.load32(cell, m_heaps.JSCell_typeInfoType); Ditto.
Saam Barati
Comment 4 2019-01-17 00:07:31 PST
Comment on attachment 359354 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=359354&action=review >> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6335 >> + LValue type = m_out.load32(cell, m_heaps.JSCell_typeInfoType); > > load8ZeroExt32? Oops. Will fix
Saam Barati
Comment 5 2019-01-17 00:11:52 PST
Created attachment 359359 [details] patch for landing
WebKit Commit Bot
Comment 6 2019-01-17 09:50:33 PST
Comment on attachment 359359 [details] patch for landing Clearing flags on attachment: 359359 Committed r240114: <https://trac.webkit.org/changeset/240114>
WebKit Commit Bot
Comment 7 2019-01-17 09:50:35 PST
All reviewed patches have been landed. Closing bug.
Michael Catanzaro
Comment 8 2019-01-20 21:04:25 PST
Committed r240225: <https://trac.webkit.org/changeset/240225>
Note You need to log in before you can comment on or make changes to this bug.