https://bugs.webkit.org/show_bug.cgi?id=163215
Reviewed by Mark Lam and Filip Pizlo.
lowStringIdent() returns the StringImpl pointer. The compileCheckStringIdent()
was treating its return value as the actual JSString. This is wrong.
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCheckStringIdent):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207017
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
--- /dev/null
+//@ defaultNoEagerRun
+
+const o = { baz: 20 };
+function foo(p) {
+ o[p] = 20;
+}
+noInline(foo);
+noOSRExitFuzzing(foo);
+
+for (let i = 0; i < 1000000; i++) {
+ foo("baz");
+}
+
+if (numberOfDFGCompiles(foo) > 1)
+ throw new Error("We should not have to compile this function more than once.");
+2016-10-10 Saam Barati <sbarati@apple.com>
+
+ compileCheckStringIdent in the FTL is wrong
+ https://bugs.webkit.org/show_bug.cgi?id=163215
+
+ Reviewed by Mark Lam and Filip Pizlo.
+
+ lowStringIdent() returns the StringImpl pointer. The compileCheckStringIdent()
+ was treating its return value as the actual JSString. This is wrong.
+
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileCheckStringIdent):
+
2016-10-10 Yusuke Suzuki <utatane.tea@gmail.com>
[DOMJIT] Implement Node accessors in DOMJIT
void compileCheckStringIdent()
{
UniquedStringImpl* uid = m_node->uidOperand();
- LValue string = lowStringIdent(m_node->child1());
- LValue stringImpl = m_out.loadPtr(string, m_heaps.JSString_value);
+ LValue stringImpl = lowStringIdent(m_node->child1());
speculate(BadIdent, noValue(), nullptr, m_out.notEqual(stringImpl, m_out.constIntPtr(uid)));
}
git://git.webkit.org / WebKit-https.git / commitdiff