[32bit JSC tests] stress/cow-convert-double-to-contiguous.js and stress/cow-convert...
author utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 13 Jul 2018 18:20:21 +0000 (18:20 +0000)
committer utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 13 Jul 2018 18:20:21 +0000 (18:20 +0000)
https://bugs.webkit.org/show_bug.cgi?id=187561

Reviewed by Darin Adler.

This patch fixes the issue that CoW array handling is not introduced in 32bit put_by_val code.
We clean up 32bit put_by_val code.

1. We remove inline out-of-bounds recording code since it is done in C operation code. This change
aligns 32bit implementation to 64bit implementation.

2. We add CoW array checking, which is done in 64bit implementation.

* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_val):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitSlow_op_put_by_val):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233806 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/JITPropertyAccess.cpp
Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

index f10d86b..6d20a95 100644 (file)
@@ -1,3 +1,24 @@
+2018-07-13  Yusuke Suzuki  <utatane.tea@gmail.com>
+
+        [32bit JSC tests]  stress/cow-convert-double-to-contiguous.js and stress/cow-convert-int32-to-contiguous.js are failing
+        https://bugs.webkit.org/show_bug.cgi?id=187561
+
+        Reviewed by Darin Adler.
+
+        This patch fixes the issue that CoW array handling is not introduced in 32bit put_by_val code.
+        We clean up 32bit put_by_val code.
+
+        1. We remove inline out-of-bounds recording code since it is done in C operation code. This change
+        aligns 32bit implementation to 64bit implementation.
+
+        2. We add CoW array checking, which is done in 64bit implementation.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_put_by_val):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+
 2018-07-12  Mark Lam  <mark.lam@apple.com>
 
         Need to handle CodeBlock::replacement() being null.
index 5df52dd..d3c2c2d 100644 (file)
@@ -218,7 +218,7 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
     PatchableJump badType;
     JumpList slowCases;
 
-    // TODO: Maybe we should do this inline?
+    // FIXME: Maybe we should do this inline?
     addSlowCase(branchTest32(NonZero, regT2, TrustedImm32(CopyOnWrite)));
     and32(TrustedImm32(IndexingShapeMask), regT2);
 
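Review bot: The reworded FIXME above the addSlowCase(branchTest32(NonZero, regT2, TrustedImm32(CopyOnWrite))) line still does not say what "this" refers to. Spell it out (handling copy-on-write arrays inline instead of always taking the slow case), since the same comment text is now also copied into the 32bit file and will be read there without this context.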
index 693a546..33bbd7a 100644 (file)
@@ -262,10 +262,13 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
     PatchableJump notIndex = patchableBranch32(NotEqual, regT3, TrustedImm32(JSValue::Int32Tag));
     addSlowCase(notIndex);
     emitArrayProfilingSiteWithCell(regT0, regT1, profile);
-    and32(TrustedImm32(IndexingShapeMask), regT1);
     
     PatchableJump badType;
     JumpList slowCases;
+
+    // FIXME: Maybe we should do this inline?
+    addSlowCase(branchTest32(NonZero, regT1, TrustedImm32(CopyOnWrite)));
+    and32(TrustedImm32(IndexingShapeMask), regT1);
     
     JITArrayMode mode = chooseArrayMode(profile);
     switch (mode) {
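Review bot: The order of the two added instructions after the FIXME matters and is not documented: the branchTest32 against CopyOnWrite has to read regT1 before and32(TrustedImm32(IndexingShapeMask), regT1) narrows it, which is why the and32 is moved down from its old place right after emitArrayProfilingSiteWithCell. This assumes IndexingShapeMask does not cover the CopyOnWrite bit, which the ordering here and in the 64bit hunk implies. A one-line comment saying the check must precede the mask would keep a later cleanup from hoisting the and32 back up and turning the copy-on-write check into dead code, at which point the fast path would again store into a copy-on-write array without converting it, the case the two stress tests named in the ChangeLog cover.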
@@ -431,28 +434,9 @@ void JIT::emitSlow_op_put_by_val(Instruction* currentInstruction, Vector<SlowCas
     int base = currentInstruction[1].u.operand;
     int property = currentInstruction[2].u.operand;
     int value = currentInstruction[3].u.operand;
-    ArrayProfile* profile = currentInstruction[4].u.arrayProfile;
     ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;
     
-    linkSlowCaseIfNotJSCell(iter, base); // base cell check
-    linkSlowCase(iter); // property int32 check
-    linkSlowCase(iter); // base not array check
-    
-    JITArrayMode mode = chooseArrayMode(profile);
-    switch (mode) {
-    case JITInt32:
-    case JITDouble:
-        linkSlowCase(iter); // value type check
-        break;
-    default:
-        break;
-    }
-    
-    Jump skipProfiling = jump();
-    linkSlowCase(iter); // out of bounds
-    emitArrayProfileOutOfBoundsSpecialCase(profile);
-    skipProfiling.link(this);
-
+    linkAllSlowCases(iter);
     Label slowPath = label();
     
     bool isDirect = Interpreter::getOpcodeID(currentInstruction->u.opcode) == op_put_by_val_direct;
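Review bot: Removing the linkSlowCase(iter); // out of bounds block together with emitArrayProfileOutOfBoundsSpecialCase(profile) leaves no out-of-bounds recording in emitSlow_op_put_by_val, and nothing in the visible diff shows the C operation doing it. The commit message says it does, so name that operation in the ChangeLog entry or in a comment next to linkAllSlowCases(iter) so the claim can be checked. The replacement also drops the per-case comments (base cell check, property int32 check, base not array check, value type check), so the only record of which slow cases reach slowPath, now including the copy-on-write one, is emit_op_put_by_val itself; a short comment listing them here would help the next reader.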