| Summary: | [JSC] Add CheckArrayOrEmpty to handle the case when hoisting CheckArray for places where input can be empty | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Yusuke Suzuki <ysuzuki> |
| Component: | New Bugs | Assignee: | Yusuke Suzuki <ysuzuki> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Description
Yusuke Suzuki
2020-01-21 23:12:21 PST
Created attachment 388398 [details]
Patch
Comment on attachment 388398 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=388398&action=review

> Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:287
> + // check just remains, and it works as CheckArrayOrEmpty without ArrayMode checking.

Seems like we should also have an assert here like speculatedTypeForUseKind(node->child1().useKind()) & SpecEmpty

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:832
> + // We can purge Empty check completely in this case of CheckArrayOrEmpty since CellUse only accepts SpecCell | SpecEmpty.

Ditto

Comment on attachment 388398 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=388398&action=review

>> Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:287
>> + // check just remains, and it works as CheckArrayOrEmpty without ArrayMode checking.
>
> Seems like we should also have an assert here like
> speculatedTypeForUseKind(node->child1().useKind()) & SpecEmpty

Fixed.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:832
>> + // We can purge Empty check completely in this case of CheckArrayOrEmpty since CellUse only accepts SpecCell | SpecEmpty.
>
> Ditto

Fixed.

Committed r254936: <https://trac.webkit.org/changeset/254936>