Changeset 267135 in webkit
- Timestamp:
- Sep 15, 2020 11:07:36 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/stress/jsimmutablebutterfly-get-must-return-double-boxed-value.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/runtime/JSImmutableButterfly.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r267132 r267135 1 2020-09-15 Saam Barati <sbarati@apple.com> 2 3 JSImmutableButterfly::get needs to return jsDoubleNumber for double arrays 4 https://bugs.webkit.org/show_bug.cgi?id=216589 5 <rdar://problem/68061245> 6 7 Reviewed by Yusuke Suzuki. 8 9 * stress/jsimmutablebutterfly-get-must-return-double-boxed-value.js: Added. 10 1 11 2020-09-15 Yusuke Suzuki <ysuzuki@apple.com> 2 12 -
trunk/Source/JavaScriptCore/ChangeLog
r267132 r267135 1 2020-09-15 Saam Barati <sbarati@apple.com> 2 3 JSImmutableButterfly::get needs to return jsDoubleNumber for double arrays 4 https://bugs.webkit.org/show_bug.cgi?id=216589 5 <rdar://problem/68061245> 6 7 Reviewed by Yusuke Suzuki. 8 9 We are using JSImmutableButterfly::get in AI to constant fold GetByVal, 10 but we were failing to always return a boxed double value for double loads. 11 We were calling jsNumber instead of jsDooubleNumber. This is in contrast to 12 the runtime, which always returns a double boxed value. This would lead AI 13 to disagree with the runtime, and miscompile code. 14 15 * runtime/JSImmutableButterfly.h: 16 (JSC::JSImmutableButterfly::get const): 17 1 18 2020-09-15 Yusuke Suzuki <ysuzuki@apple.com> 2 19 -
trunk/Source/JavaScriptCore/runtime/JSImmutableButterfly.h
r254735 r267135 143 143 // Holes are not supported yet. 144 144 ASSERT(!std::isnan(value)); 145 return js Number(value);145 return jsDoubleNumber(value); 146 146 } 147 147
Note: See TracChangeset
for help on using the changeset viewer.
