Changeset 116361 in webkit


Ignore:
Timestamp:
May 7, 2012 3:52:52 PM (12 years ago)
Author:
oliver@apple.com
Message:

LLInt doesn't check for Ropes when performing a character switch
https://bugs.webkit.org/show_bug.cgi?id=85837

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Make LLint check if the scrutinee of a char switch is a rope, and if
so fall back to a slow case.

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(LLInt):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:

LayoutTests:

Add a few tests to force the use of ropes on switch statements.

  • fast/js/script-tests/switch-behaviour.js:
  • fast/js/switch-behaviour-expected.txt:
Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r116358 r116361  
     12012-05-07  Oliver Hunt  <oliver@apple.com>
     2
     3        LLInt doesn't check for Ropes when performing a character switch
     4        https://bugs.webkit.org/show_bug.cgi?id=85837
     5
     6        Reviewed by Filip Pizlo.
     7
     8        Add a few tests to force the use of ropes on switch statements.
     9
     10        * fast/js/script-tests/switch-behaviour.js:
     11        * fast/js/switch-behaviour-expected.txt:
     12
    1132012-05-07  Raymond Toy  <rtoy@google.com>
    214

  • trunk/LayoutTests/fast/js/script-tests/switch-behaviour.js

    r98407 r116361  
    232232
    233233// Character switch
     234var emptyString1 = "";
     235var emptyString2 = "";
     236shouldBe("characterSwitch('A' + emptyString1)", '"A"');
     237shouldBe("characterSwitch('A' + emptyString1 + emptyString2)", '"A"');
     238shouldBe("characterSwitch(emptyString1 + emptyString2)", '"default"');
     239
    234240shouldBe("characterSwitch('\0')", '"\0"');
    235241shouldBe("characterSwitch('A')", '"A"');

  • trunk/LayoutTests/fast/js/switch-behaviour-expected.txt

    r64796 r116361  
    44
    55
     6PASS characterSwitch('A' + emptyString1) is "A"
     7PASS characterSwitch('A' + emptyString1 + emptyString2) is "A"
     8PASS characterSwitch(emptyString1 + emptyString2) is "default"
    69PASS characterSwitch('\0') is "\0"
    710PASS characterSwitch('A') is "A"

  • trunk/Source/JavaScriptCore/ChangeLog

    r116356 r116361  
     12012-05-07  Oliver Hunt  <oliver@apple.com>
     2
     3        LLInt doesn't check for Ropes when performing a character switch
     4        https://bugs.webkit.org/show_bug.cgi?id=85837
     5
     6        Reviewed by Filip Pizlo.
     7
     8        Make LLint check if the scrutinee of a char switch is a rope, and if
     9        so fall back to a slow case.
     10
     11        * llint/LLIntSlowPaths.cpp:
     12        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
     13        (LLInt):
     14        * llint/LowLevelInterpreter32_64.asm:
     15        * llint/LowLevelInterpreter64.asm:
     16
    1172012-05-07  Eric Seidel  <eric@webkit.org>
    218

  • trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

    r115861 r116361  
    11681168}
    11691169
     1170LLINT_SLOW_PATH_DECL(slow_path_switch_char)
     1171{
     1172    LLINT_BEGIN();
     1173    JSValue scrutinee = LLINT_OP_C(3).jsValue();
     1174    ASSERT(scrutinee.isString());
     1175    JSString* value = asString(scrutinee);
     1176    ASSERT(value->length() == 1);
     1177    int defaultOffset = pc[2].u.operand;
     1178    StringImpl* impl = asString(scrutinee)->value(exec).impl();
     1179    CodeBlock* codeBlock = exec->codeBlock();
     1180    pc += codeBlock->characterSwitchJumpTable(pc[1].u.operand).offsetForValue((*impl)[0], defaultOffset);
     1181    LLINT_END();
     1182}
     1183
    11701184LLINT_SLOW_PATH_DECL(slow_path_switch_string)
    11711185{

  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

    r116054 r116361  
    14471447    loadp JSCell::m_structure[t0], t1
    14481448    bbneq Structure::m_typeInfo + TypeInfo::m_type[t1], StringType, .opSwitchCharFallThrough
     1449    bineq JSString::m_length[t0], 1, .opSwitchCharFallThrough
    14491450    loadp JSString::m_value[t0], t0
    1450     bineq StringImpl::m_length[t0], 1, .opSwitchCharFallThrough
     1451    btpz  t0, .opSwitchOnRope
    14511452    loadp StringImpl::m_data8[t0], t1
    14521453    btinz StringImpl::m_hashAndFlags[t0], HashFlags8BitBuffer, .opSwitchChar8Bit
     
    14651466.opSwitchCharFallThrough:
    14661467    dispatchBranch(8[PC])
     1468
     1469.opSwitchOnRope:
     1470    callSlowPath(_llint_slow_path_switch_char)
     1471    dispatch(0)
    14671472
    14681473

  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

    r114702 r116361  
    12931293    loadp JSCell::m_structure[t1], t0
    12941294    bbneq Structure::m_typeInfo + TypeInfo::m_type[t0], StringType, .opSwitchCharFallThrough
     1295    bineq JSString::m_length[t1], 1, .opSwitchCharFallThrough
    12951296    loadp JSString::m_value[t1], t0
    1296     bineq StringImpl::m_length[t0], 1, .opSwitchCharFallThrough
     1297    btpz  t0, .opSwitchOnRope
    12971298    loadp StringImpl::m_data8[t0], t1
    12981299    btinz StringImpl::m_hashAndFlags[t0], HashFlags8BitBuffer, .opSwitchChar8Bit
     
    13111312.opSwitchCharFallThrough:
    13121313    dispatchInt(16[PB, PC, 8])
     1314
     1315.opSwitchOnRope:
     1316    callSlowPath(_llint_slow_path_switch_char)
     1317    dispatch(0)
    13131318
    13141319
Note: See TracChangeset for help on using the changeset viewer.