This implies that the LLInt and baseline JIT must profile which structure was observed, so that the DFG may pick the right structure to check on the fast path.
Created attachment 156431: work in progress
Created attachment 156494: more
Created attachment 158235: the patch
Attachment 158235 did not pass style-queue:
Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/CMakeLists.txt', u'S..." exit_code: 1
Source/JavaScriptCore/bytecode/Instruction.h:49: Code inside a namespace should not be indented. [whitespace/indent] [4]
Source/JavaScriptCore/bytecode/ArrayProfile.h:79: The parameter name "operation" adds no information, so it should be removed. [readability/parameter_name] [5]
Total errors found: 2 in 29 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 158235: the patch
Attachment 158235 did not pass win-ews (win):
Output: http://queues.webkit.org/results/13501104
Comment on attachment 158235: the patch
View in context: https://bugs.webkit.org/attachment.cgi?id=158235&action=review
Looks good overall except for minor fix. Also placate windows and style bot please :-)
> Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp:214
> + addSlowCase(branchPtr(NotEqual, Address(regT1, JSCell::classInfoOffset()), TrustedImmPtr(&JSArray::s_info)));
Should this be Structure::classInfoOffset()?
(In reply to comment #6)
> (From update of attachment 158235)
> View in context: https://bugs.webkit.org/attachment.cgi?id=158235&action=review
>
> Looks good overall except for minor fix. Also placate windows and style bot please :-)
>
> > Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp:214
> > + addSlowCase(branchPtr(NotEqual, Address(regT1, JSCell::classInfoOffset()), TrustedImmPtr(&JSArray::s_info)));
>
> Should this be Structure::classInfoOffset()?
Good catch! Thanks!
Created attachment 158475: patch for landing, hopefully
Attachment 158475 did not pass style-queue:
Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/CMakeLists.txt', u'S..." exit_code: 1
Source/JavaScriptCore/bytecode/Instruction.h:49: Code inside a namespace should not be indented. [whitespace/indent] [4]
Source/JavaScriptCore/bytecode/ArrayProfile.h:79: The parameter name "operation" adds no information, so it should be removed. [readability/parameter_name] [5]
Total errors found: 2 in 32 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Landed in http://trac.webkit.org/changeset/125637