Bug 194446 - Fix DFG's doesGC() for CheckTierUp*, GetByVal, PutByVal*, and StringCharAt nodes.
Summary: Fix DFG's doesGC() for CheckTierUp*, GetByVal, PutByVal*, and StringCharAt no...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-02-08 13:02 PST by Mark Lam
Modified: 2019-02-08 14:32 PST (History)
8 users (show)

See Also:


Attachments
proposed patch. (12.28 KB, patch)
2019-02-08 13:19 PST, Mark Lam
sbarati: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Lam 2019-02-08 13:02:55 PST
Patch coming.
Comment 1 Radar WebKit Bug Importer 2019-02-08 13:03:38 PST
<rdar://problem/47926792>
Comment 2 Mark Lam 2019-02-08 13:19:21 PST
Created attachment 361529 [details]
proposed patch.
Comment 3 Saam Barati 2019-02-08 13:39:03 PST
Comment on attachment 361529 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=361529&action=review

r=me

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2197
>      JITCompiler::Jump bigCharacter =
> -        m_jit.branch32(MacroAssembler::AboveOrEqual, scratchReg, TrustedImm32(0x100));
> +        m_jit.branch32(MacroAssembler::Above, scratchReg, TrustedImm32(maxSingleCharacterString));

This really doesn't belong in this patch.

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6615
> +            m_out.above(char16BitValue, m_out.constInt32(maxSingleCharacterString)),

ditto
Comment 4 Mark Lam 2019-02-08 13:42:20 PST
Comment on attachment 361529 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=361529&action=review

Thanks for the review.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2197
>> +        m_jit.branch32(MacroAssembler::Above, scratchReg, TrustedImm32(maxSingleCharacterString));
> 
> This really doesn't belong in this patch.

I'll revert and apply this in a separate patch.

>> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6615
>> +            m_out.above(char16BitValue, m_out.constInt32(maxSingleCharacterString)),
> 
> ditto

Same.
Comment 5 Mark Lam 2019-02-08 14:32:37 PST
Landed in r241210: <http://trac.webkit.org/r241210>.