Bug 229725 - Baseline JIT's in_by_val and emitHasPrivate should load the property before branching on if the base is a cell
Summary: Baseline JIT's in_by_val and emitHasPrivate should load the property before b...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2021-08-31 12:16 PDT by Saam Barati
Modified: 2021-08-31 15:47 PDT
CC List: 7 users

See Also:


Attachments
patch (2.23 KB, patch), 2021-08-31 12:21 PDT, Saam Barati, no flags

Description Saam Barati 2021-08-31 12:16:30 PDT
Just for our own sanity when reasoning about what the slow paths do, we don't want a random value in property when the base isn't a cell.
Comment 1 Saam Barati 2021-08-31 12:21:42 PDT
Created attachment 436926
patch
Comment 2 Yusuke Suzuki 2021-08-31 12:24:24 PDT
Comment on attachment 436926
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=436926&action=review

r=me too

> Source/JavaScriptCore/jit/JITPropertyAccess.cpp:1519
>      emitArrayProfilingSiteWithCell(regT0, profile, regT2);

Can you also ensure that AccessCase IC code for InByVal / InById reserves the above registers if we go to the slow path?
Comment 3 Saam Barati 2021-08-31 12:32:21 PDT
(In reply to Yusuke Suzuki from comment #2)
> Comment on attachment 436926
> patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=436926&action=review
> 
> r=me too
> 
> > Source/JavaScriptCore/jit/JITPropertyAccess.cpp:1519
> >      emitArrayProfilingSiteWithCell(regT0, profile, regT2);
> 
> Can you also ensure that AccessCase IC code for InByVal / InById reserves
> the above registers if we go to the slow path?

Confirmed that they do not clobber these registers.
Comment 4 EWS 2021-08-31 15:46:14 PDT
Committed r281826 (241160@main): <https://commits.webkit.org/241160@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 436926.
Comment 5 Radar WebKit Bug Importer 2021-08-31 15:47:19 PDT
<rdar://problem/82600217>