Changeset 242519 in webkit


Ignore:
Timestamp:
Mar 5, 2019 4:20:07 PM (5 years ago)
Author:
sbarati@apple.com
Message:

op_switch_char broken for rope strings after JSRopeString layout rewrite
https://bugs.webkit.org/show_bug.cgi?id=195339
<rdar://problem/48592545>

Reviewed by Yusuke Suzuki.

JSTests:

  • stress/switch-on-char-llint-rope.js: Added.

Source/JavaScriptCore:

When we did the JSString rewrite, we accidentally broke LLInt's switch_char
for rope strings. That change made it so that we always go to the slow path
for ropes. That's wrong. The slow path should only be taken when the rope
is of length 1. For lengths other than 1, we need to fall through to the
default case. This patch fixes this.

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/JSString.h:
Location:
trunk
Files:
1 added
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/JSTests/ChangeLog

    r242397 r242519  
     12019-03-05  Saam barati  <sbarati@apple.com>
     2
     3        op_switch_char broken for rope strings after JSRopeString layout rewrite
     4        https://bugs.webkit.org/show_bug.cgi?id=195339
     5        <rdar://problem/48592545>
     6
     7        Reviewed by Yusuke Suzuki.
     8
     9        * stress/switch-on-char-llint-rope.js: Added.
     10
    1112019-03-04  Yusuke Suzuki  <ysuzuki@apple.com>
    212
  • trunk/Source/JavaScriptCore/ChangeLog

    r242500 r242519  
     12019-03-05  Saam barati  <sbarati@apple.com>
     2
     3        op_switch_char broken for rope strings after JSRopeString layout rewrite
     4        https://bugs.webkit.org/show_bug.cgi?id=195339
     5        <rdar://problem/48592545>
     6
     7        Reviewed by Yusuke Suzuki.
     8
     9        When we did the JSString rewrite, we accidentally broke LLInt's switch_char
     10        for rope strings. That change made it so that we always go to the slow path
     11        for ropes. That's wrong. The slow path should only be taken when the rope
     12        is of length 1. For lengths other than 1, we need to fall through to the
     13        default case. This patch fixes this.
     14
     15        * llint/LowLevelInterpreter32_64.asm:
     16        * llint/LowLevelInterpreter64.asm:
     17        * runtime/JSString.h:
     18
    1192019-03-05  Yusuke Suzuki  <ysuzuki@apple.com>
    220
  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

    r242252 r242519  
    17891789    bineq t1, CellTag, .opSwitchCharFallThrough
    17901790    bbneq JSCell::m_type[t0], StringType, .opSwitchCharFallThrough
    1791     loadp JSString::m_fiber[t0], t0
    1792     btpnz t0, isRopeInPointer, .opSwitchOnRope
    1793     bineq StringImpl::m_length[t0], 1, .opSwitchCharFallThrough
    1794     loadp StringImpl::m_data8[t0], t1
    1795     btinz StringImpl::m_hashAndFlags[t0], HashFlags8BitBuffer, .opSwitchChar8Bit
    1796     loadh [t1], t0
     1791    loadp JSString::m_fiber[t0], t1
     1792    btpnz t1, isRopeInPointer, .opSwitchOnRope
     1793    bineq StringImpl::m_length[t1], 1, .opSwitchCharFallThrough
     1794    loadp StringImpl::m_data8[t1], t0
     1795    btinz StringImpl::m_hashAndFlags[t1], HashFlags8BitBuffer, .opSwitchChar8Bit
     1796    loadh [t0], t0
    17971797    jmp .opSwitchCharReady
    17981798.opSwitchChar8Bit:
    1799     loadb [t1], t0
     1799    loadb [t0], t0
    18001800.opSwitchCharReady:
    18011801    subi SimpleJumpTable::min[t2], t0
     
    18101810
    18111811.opSwitchOnRope:
     1812    bineq JSRopeString::m_compactFibers + JSRopeString::CompactFibers::m_length[t0], 1, .opSwitchCharFallThrough
     1813
     1814.opSwitchOnRopeChar:
    18121815    callSlowPath(_llint_slow_path_switch_char)
    18131816    nextInstruction()
  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

    r242252 r242519  
    18991899
    19001900.opSwitchOnRope:
     1901    bineq JSRopeString::m_compactFibers + JSRopeString::CompactFibers::m_length[t1], 1, .opSwitchCharFallThrough
     1902
     1903.opSwitchOnRopeChar:
    19011904    callSlowPath(_llint_slow_path_switch_char)
    19021905    nextInstruction()
  • trunk/Source/JavaScriptCore/runtime/JSString.h

    r242399 r242519  
    312312
    313313    private:
     314        friend class LLIntOffsetsExtractor;
     315
    314316        uint32_t m_length { 0 };
    315317        uint32_t m_fiber1Lower { 0 };
     
    351353
    352354    private:
     355        friend class LLIntOffsetsExtractor;
     356
    353357        uint32_t m_length { 0 };
    354358        JSString* m_fiber1 { nullptr };
     
    439443
    440444private:
     445    friend class LLIntOffsetsExtractor;
     446
    441447    void convertToNonRope(String&&) const;
    442448
Note: See TracChangeset for help on using the changeset viewer.