I think that for primitive gigacage, it has to do it. The tricky thing about it is that it needs to handle null vectors.
Created attachment 317998 [details] maybe the patch
Created attachment 317999 [details] the patch
Comment on attachment 317999 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=317999&action=review > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:11653 > + LBasicBlock lastNext = m_out.insertNewBlocksBefore(notNull); Why this instead of relying on the result of appendTo below?
(In reply to Saam Barati from comment #3) > Comment on attachment 317999 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=317999&action=review > > > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:11653 > > + LBasicBlock lastNext = m_out.insertNewBlocksBefore(notNull); > > Why this instead of relying on the result of appendTo below? That way, the code that we insert at the end of the current block will do the right thing if it also contains a control flow diamond. Using the result of appendTo() is only safe if you are absolutely sure that none of the things you did before newBlock and appendTo added any other blocks. Therefore, although I used to use the result of appendTo() a lot, I don't think it's actually safe.
Landed in https://trac.webkit.org/changeset/220628/webkit
<rdar://problem/33865694>