175366 – FTL's compileGetTypedArrayByteOffset needs to do caging

RESOLVED FIXED Bug 175366

FTL's compileGetTypedArrayByteOffset needs to do caging

https://bugs.webkit.org/show_bug.cgi?id=175366

Summary FTL's compileGetTypedArrayByteOffset needs to do caging

Filip Pizlo

Reported 2017-08-08 22:08:17 PDT

I think that for primitive gigacage, it has to do it. The tricky thing about it is that it needs to handle null vectors.

Attachments
maybe the patch (5.85 KB, patch) 2017-08-12 11:55 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (6.01 KB, patch) 2017-08-12 12:26 PDT, Filip Pizlo	saam: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2017-08-12 11:55:29 PDT

Created attachment 317998 [details] maybe the patch

Filip Pizlo

Comment 2 2017-08-12 12:26:45 PDT

Created attachment 317999 [details] the patch

Saam Barati

Comment 3 2017-08-12 15:37:53 PDT

Comment on attachment 317999 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=317999&action=review > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:11653 > + LBasicBlock lastNext = m_out.insertNewBlocksBefore(notNull); Why this instead of relying on the result of appendTo below?

Filip Pizlo

Comment 4 2017-08-12 18:56:03 PDT

(In reply to Saam Barati from comment #3) > Comment on attachment 317999 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=317999&action=review > > > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:11653 > > + LBasicBlock lastNext = m_out.insertNewBlocksBefore(notNull); > > Why this instead of relying on the result of appendTo below? That way, the code that we insert at the end of the current block will do the right thing if it also contains a control flow diamond. Using the result of appendTo() is only safe if you are absolutely sure that none of the things you did before newBlock and appendTo added any other blocks. Therefore, although I used to use the result of appendTo() a lot, I don't think it's actually safe.

Filip Pizlo

Comment 5 2017-08-12 18:59:32 PDT

Landed in https://trac.webkit.org/changeset/220628/webkit

Radar WebKit Bug Importer

Comment 6 2017-08-12 18:59:58 PDT

<rdar://problem/33865694>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Filip Pizlo

Reported

2017-08-08 22:08 PDT

Modified

2017-08-12 18:59 PDT History

CC List

8 users Show

URL

Keywords InRadar

Depends on

Blocks

174917

Dependancies

tree graph