Bug 194446 - Fix DFG's doesGC() for CheckTierUp*, GetByVal, PutByVal*, and StringCharAt nodes.
Summary: Fix DFG's doesGC() for CheckTierUp*, GetByVal, PutByVal*, and StringCharAt no...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-02-08 13:02 PST by Mark Lam
Modified: 2019-02-08 14:32 PST (History)
8 users (show)

See Also:

Attachments
proposed patch. (12.28 KB, patch)
2019-02-08 13:19 PST, Mark Lam 		saam: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Lam 2019-02-08 13:02:55 PST 
Patch coming.
Comment 1 Radar WebKit Bug Importer 2019-02-08 13:03:38 PST 
<rdar://problem/47926792>
Comment 2 Mark Lam 2019-02-08 13:19:21 PST 
Created attachment 361529 [details]
proposed patch.
Comment 3 Saam Barati 2019-02-08 13:39:03 PST 
Comment on attachment 361529 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=361529&action=review

r=me

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2197
>      JITCompiler::Jump bigCharacter =
> -        m_jit.branch32(MacroAssembler::AboveOrEqual, scratchReg, TrustedImm32(0x100));
> +        m_jit.branch32(MacroAssembler::Above, scratchReg, TrustedImm32(maxSingleCharacterString));

This really doesn't belong in this patch.

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6615
> +            m_out.above(char16BitValue, m_out.constInt32(maxSingleCharacterString)),

ditto
Comment 4 Mark Lam 2019-02-08 13:42:20 PST 
Comment on attachment 361529 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=361529&action=review

Thanks for the review.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:2197
>> +        m_jit.branch32(MacroAssembler::Above, scratchReg, TrustedImm32(maxSingleCharacterString));
> 
> This really doesn't belong in this patch.

I'll revert and apply this in a separate patch.

>> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:6615
>> +            m_out.above(char16BitValue, m_out.constInt32(maxSingleCharacterString)),
> 
> ditto

Same.
Comment 5 Mark Lam 2019-02-08 14:32:37 PST 
Landed in r241210: <http://trac.webkit.org/r241210>.