RESOLVED FIXED 194446
Fix DFG's doesGC() for CheckTierUp*, GetByVal, PutByVal*, and StringCharAt nodes. 
https://bugs.webkit.org/show_bug.cgi?id=194446
Summary Fix DFG's doesGC() for CheckTierUp*, GetByVal, PutByVal*, and StringCharAt no...
Mark Lam
Reported 2019-02-08 13:02:55 PST
Patch coming.
Attachments
proposed patch. (12.28 KB, patch)
2019-02-08 13:19 PST, Mark Lam 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2019-02-08 13:03:38 PST
<rdar://problem/47926792>
Mark Lam
Comment 2 2019-02-08 13:19:21 PST
Created attachment 361529 [details] proposed patch.
Saam Barati
Comment 3 2019-02-08 13:39:03 PST
Comment on attachment 361529 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=361529&action=review r=me > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2197 > JITCompiler::Jump bigCharacter = > - m_jit.branch32(MacroAssembler::AboveOrEqual, scratchReg, TrustedImm32(0x100)); > + m_jit.branch32(MacroAssembler::Above, scratchReg, TrustedImm32(maxSingleCharacterString)); This really doesn't belong in this patch. > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6615 > + m_out.above(char16BitValue, m_out.constInt32(maxSingleCharacterString)), ditto
Mark Lam
Comment 4 2019-02-08 13:42:20 PST
Comment on attachment 361529 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=361529&action=review Thanks for the review. >> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2197 >> + m_jit.branch32(MacroAssembler::Above, scratchReg, TrustedImm32(maxSingleCharacterString)); > > This really doesn't belong in this patch. I'll revert and apply this in a separate patch. >> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6615 >> + m_out.above(char16BitValue, m_out.constInt32(maxSingleCharacterString)), > > ditto Same.
Mark Lam
Comment 5 2019-02-08 14:32:37 PST
Landed in r241210: <http://trac.webkit.org/r241210>.
Note You need to log in before you can comment on or make changes to this bug.