Changeset 59055 in webkit for trunk/JavaScriptCore/jit/JITStubs.cpp

Timestamp:

May 9, 2010, 4:18:25 AM (15 years ago)

Author:

[email protected]

Message:

2010-05-09 Maciej Stachowiak <​[email protected]>

Fixed version of: "Optimized o[s] where o is a cell and s is a string"
​https://bugs.webkit.org/show_bug.cgi?id=38815

Fixed the previous patch for this from Geoff Garen.

The two problems were a missing exception check and a PropertySlot
initialized improperly, leading to crashes and failures in the case
of getters accessed with bracket syntax.

Previous patch:

Optimized o[s] where o is a cell and s is a string, removing some old
code that wasn't really tuned for the JIT.

SunSpider says 0.8% faster.

• jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
• runtime/JSCell.h:

File:

• trunk/JavaScriptCore/jit/JITStubs.cpp (modified) (1 diff)

trunk/JavaScriptCore/jit/JITStubs.cpp

@@ -2088 +2088 @@
     JSValue subscript = stackFrame.args[1].jsValue();
 
-    JSValue result;
-
-    if (LIKELY(subscript.isUInt32())) {
+    if (LIKELY(baseValue.isCell() && subscript.isString())) {
+        Identifier propertyName(callFrame, asString(subscript)->value(callFrame));
+        PropertySlot slot(asCell(baseValue));
+        if (asCell(baseValue)->fastGetOwnPropertySlot(callFrame, propertyName, slot)) {
+            JSValue result = slot.getValue(callFrame, propertyName);
+            CHECK_FOR_EXCEPTION();
+            return JSValue::encode(result);
+        }
+    }
+
+    if (subscript.isUInt32()) {
         uint32_t i = subscript.asUInt32();
-        if (isJSArray(globalData, baseValue)) {
-            JSArray* jsArray = asArray(baseValue);
-            if (jsArray->canGetIndex(i))
-                result = jsArray->getIndex(i);
-            else
-                result = jsArray->JSArray::get(callFrame, i);
-        } else if (isJSString(globalData, baseValue) && asString(baseValue)->canGetIndex(i)) {
-            // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
+        if (isJSString(globalData, baseValue) && asString(baseValue)->canGetIndex(i)) {
             ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val_string));
-            result = asString(baseValue)->getIndex(callFrame, i);
-        } else if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
+            JSValue result = asString(baseValue)->getIndex(callFrame, i);
+            CHECK_FOR_EXCEPTION();
+            return JSValue::encode(result);
+        }
+        if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
             // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
             ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val_byte_array));
             return JSValue::encode(asByteArray(baseValue)->getIndex(callFrame, i));
-        } else
-            result = baseValue.get(callFrame, i);
-    } else {
-        Identifier property(callFrame, subscript.toString(callFrame));
-        result = baseValue.get(callFrame, property);
-    }
-
+        }
+        JSValue result = baseValue.get(callFrame, i);
+        CHECK_FOR_EXCEPTION();
+        return JSValue::encode(result);
+    }
+    
+    Identifier property(callFrame, subscript.toString(callFrame));
+    JSValue result = baseValue.get(callFrame, property);
     CHECK_FOR_EXCEPTION_AT_END();
     return JSValue::encode(result);