FTL SwitchString slow case creates duplicate switch cases
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 May 2015 20:42:44 +0000 (20:42 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 May 2015 20:42:44 +0000 (20:42 +0000)
commit 5f95e9d49d749b5304f7b2ba2e9313e1792e0353
tree 9a66ca59aca5ef1742348dffffbba0dc56696d84
parent 72b52c3fb52578f30282ce1ada873a3ae9892b5b
FTL SwitchString slow case creates duplicate switch cases
https://bugs.webkit.org/show_bug.cgi?id=144634

Reviewed by Geoffrey Garen.

The problem of duplicate switches is sufficiently annoying that I fixed the issue and also
added mostly-debug-only asserts to catch such issues earlier.

* bytecode/CallVariant.cpp:
(JSC::variantListWithVariant): Assertion to prevent similar bugs.
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::switchStringRecurse): Assertion to prevent similar bugs.
(JSC::FTL::LowerDFGToLLVM::switchStringSlow): This is the bug.
* jit/BinarySwitch.cpp:
(JSC::BinarySwitch::BinarySwitch): Assertion to prevent similar bugs.
* jit/Repatch.cpp:
(JSC::linkPolymorphicCall): Assertion to prevent similar bugs.
* tests/stress/ftl-switch-string-slow-duplicate-cases.js: Added. This tests the FTL SwitchString bug. It was previously crashing every time.
(foo):
(cat):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@183825 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CallVariant.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp
Source/JavaScriptCore/jit/BinarySwitch.cpp
Source/JavaScriptCore/jit/Repatch.cpp
Source/JavaScriptCore/tests/stress/ftl-switch-string-slow-duplicate-cases.js [new file with mode: 0644]