Changeset 190682 in webkit
- Timestamp:
- Oct 7, 2015 1:27:46 PM (9 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
jit/JITOperations.cpp (modified) (5 diffs)
-
jit/JITPropertyAccess.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r190681 r190682 1 2015-10-07 Filip Pizlo <fpizlo@apple.com> 2 3 Don't setOutOfBounds in JIT code for PutByVal, since the C++ slow path already does it 4 https://bugs.webkit.org/show_bug.cgi?id=149885 5 6 Reviewed by Geoffrey Garen. 7 8 This simplifies the slow path code, which will make it easier to put read barriers on all of 9 the butterflies. 10 11 * jit/JITOperations.cpp: 12 (JSC::getByVal): 13 * jit/JITPropertyAccess.cpp: 14 (JSC::JIT::emitSlow_op_put_by_val): 15 1 16 2015-10-07 Filip Pizlo <fpizlo@apple.com> 2 17 -
trunk/Source/JavaScriptCore/jit/JITOperations.cpp
r190606 r190682 402 402 object->setIndexQuickly(callFrame->vm(), i, value); 403 403 else { 404 // FIXME: This will make us think that in-bounds typed array accesses are actually 405 // out-of-bounds. 406 // https://bugs.webkit.org/show_bug.cgi?id=149886 404 407 byValInfo->arrayProfile->setOutOfBounds(); 405 408 object->methodTable(vm)->putByIndex(object, callFrame, i, value, callFrame->codeBlock()->isStrictMode()); … … 435 438 } 436 439 440 // FIXME: This will make us think that in-bounds typed array accesses are actually 441 // out-of-bounds. 442 // https://bugs.webkit.org/show_bug.cgi?id=149886 437 443 byValInfo->arrayProfile->setOutOfBounds(); 438 444 baseObject->putDirectIndex(callFrame, index, value, 0, isStrictMode ? PutDirectIndexShouldThrow : PutDirectIndexShouldNotThrow); … … 1589 1595 return object->getIndexQuickly(i); 1590 1596 1591 if (!canAccessArgumentIndexQuickly(*object, i)) 1597 if (!canAccessArgumentIndexQuickly(*object, i)) { 1598 // FIXME: This will make us think that in-bounds typed array accesses are actually 1599 // out-of-bounds. 1600 // https://bugs.webkit.org/show_bug.cgi?id=149886 1592 1601 byValInfo->arrayProfile->setOutOfBounds(); 1602 } 1593 1603 } 1594 1604 … … 1751 1761 return JSValue::encode(JSValue(JSValue::JSTrue)); 1752 1762 1753 if (!canAccessArgumentIndexQuickly(*object, index)) 1763 if (!canAccessArgumentIndexQuickly(*object, index)) { 1764 // FIXME: This will make us think that in-bounds typed array accesses are actually 1765 // out-of-bounds. 1766 // https://bugs.webkit.org/show_bug.cgi?id=149886 1754 1767 byValInfo->arrayProfile->setOutOfBounds(); 1768 } 1755 1769 return JSValue::encode(jsBoolean(object->hasProperty(exec, index))); 1756 1770 } … … 1771 1785 return JSValue::encode(JSValue(JSValue::JSTrue)); 1772 1786 1773 if (!canAccessArgumentIndexQuickly(*object, index)) 1787 if (!canAccessArgumentIndexQuickly(*object, index)) { 1788 // FIXME: This will make us think that in-bounds typed array accesses are actually 1789 // out-of-bounds. 1790 // https://bugs.webkit.org/show_bug.cgi?id=149886 1774 1791 byValInfo->arrayProfile->setOutOfBounds(); 1792 } 1775 1793 return JSValue::encode(jsBoolean(object->hasProperty(exec, subscript.asUInt32()))); 1776 1794 } -
trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
r190681 r190682 449 449 linkSlowCase(iter); // base not array check 450 450 451 linkSlowCase(iter); // out of bounds 452 451 453 JITArrayMode mode = chooseArrayMode(profile); 452 454 switch (mode) { … … 458 460 break; 459 461 } 460 461 Jump skipProfiling = jump();462 linkSlowCase(iter); // out of bounds463 emitArrayProfileOutOfBoundsSpecialCase(profile);464 skipProfiling.link(this);465 462 466 463 Label slowPath = label();
Note: See TracChangeset
for help on using the changeset viewer.
