I think this is observable.
Created attachment 394532 [details]
Created attachment 394535 [details]
Add a few UNUSED_PARAM, drop extra JSC_HOST_CALL. I wonder if we need to ALWAYS_INLINE string*Impl()?
Comment on attachment 394535 [details]
View in context: https://bugs.webkit.org/attachment.cgi?id=394535&action=review
> + b) Removes `lastPosition` checks/updates, as there are none in the spec, and it was
> + equivalent to checking `nextSourcePosition`.
Nice catch. I wondered about this in my earlier patch but evidently didn't think about it long enough to realize it wasn't helping at all.
Created attachment 394541 [details]
Set correct 'length' of builtinStringSubstringInternal's JSFunction.
Comment on attachment 394541 [details]
View in context: https://bugs.webkit.org/attachment.cgi?id=394541&action=review
> + JSValue position = callFrame->argument(1);
> + UNUSED_PARAM(position);
> + ASSERT(position.isUndefined() || position.isNumber());
Here and below, if this is just for a non-release ASSERT, I suppose it'd be okay get the argument twice instead?
Created attachment 394561 [details]
Committed r259029: <https://trac.webkit.org/changeset/259029>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 394561 [details].