Ignore:
Timestamp:
May 18, 2018, 4:16:09 PM (7 years ago)
Author:
[email protected]
Message:

op_in should mark if it sees out of bounds accesses
https://bugs.webkit.org/show_bug.cgi?id=185792

Reviewed by Filip Pizlo.

JSTests:

  • stress/has-indexed-property-array-storage-ftl.js:

(test2):

  • stress/has-indexed-property-slow-put-array-storage-ftl.js:

(test2):

Source/JavaScriptCore:

This would used to cause us to OSR loop since we would always speculate
we were in bounds in HasIndexedProperty.

  • bytecode/ArrayProfile.cpp:

(JSC::ArrayProfile::observeIndexedRead):

  • bytecode/ArrayProfile.h:
  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::opIn):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/bytecode/ArrayProfile.h

    r222871 r231990  
    215215        m_lastSeenStructureID = structure->id();
    216216    }
    217    
     217
    218218    void computeUpdatedPrediction(const ConcurrentJSLocker&, CodeBlock*);
    219219    void computeUpdatedPrediction(const ConcurrentJSLocker&, CodeBlock*, Structure* lastSeenStructure);
    220220   
    221221    void observeArrayMode(ArrayModes mode) { m_observedArrayModes |= mode; }
     222    void observeIndexedRead(VM&, JSCell*, unsigned index);
     223
    222224    ArrayModes observedArrayModes(const ConcurrentJSLocker&) const { return m_observedArrayModes; }
    223225    bool mayInterceptIndexedAccesses(const ConcurrentJSLocker&) const { return m_mayInterceptIndexedAccesses; }
Note: See TracChangeset for help on using the changeset viewer.