[JSC] Repatch should construct CallCases and CasesValue at the same time
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 Aug 2019 03:28:20 +0000 (03:28 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 Aug 2019 03:28:20 +0000 (03:28 +0000)
commit8fd986de508f0161ecdaa36e17cab76a4a67d382
tree5fb3d25a893655d33b5caa9f6ed55854cb3594cb
parentb83429469f9f05e62fbaaa256253d52c2128cc5e
[JSC] Repatch should construct CallCases and CasesValue at the same time
https://bugs.webkit.org/show_bug.cgi?id=201325

Reviewed by Saam Barati.

JSTests:

* stress/repatch-switch.js: Added.
(main.f2.f0):
(main.f2.f3):
(main.f2.f1):
(main.f2):
(main):

Source/JavaScriptCore:

In linkPolymorphicCall, we should create callCases and casesValue at the same time to assert `callCases.size() == casesValue.size()`.
If the call variant is isClosureCall and InternalFunction, we skip adding it to casesValue. So we should not add this variant to callCases too.

* jit/Repatch.cpp:
(JSC::linkPolymorphicCall):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249310 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/repatch-switch.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/Repatch.cpp