[webkit-changes] [WebKit/WebKit] 270603: [JSC] Fix String#replace DFG handling to handle su...

Yusuke Suzuki noreply at github.com
Wed Sep 7 01:20:47 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 27060307138483ca3cca7307c9520928694dcad5
      https://github.com/WebKit/WebKit/commit/27060307138483ca3cca7307c9520928694dcad5
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2022-09-07 (Wed, 07 Sep 2022)

  Changed paths:
    A JSTests/stress/replace-string-constant-fold-substitution.js
    A JSTests/stress/replace-string-substitution.js
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/runtime/StringPrototype.cpp
    M Source/JavaScriptCore/runtime/StringPrototype.h

  Log Message:
  -----------
  [JSC] Fix String#replace DFG handling to handle substitutions
https://bugs.webkit.org/show_bug.cgi?id=244867

Reviewed by Saam Barati.

We accidentally dropped backreference substitution feature on DFG / FTL String#replace with string case.
This patch adds it to DFG operations. Also, DFG strength reduction should not perform String#replace with String
reductions if watchpoint is not watched.

1. Add backreference substitutions to DFG operationStringReplaceStringString.
2. We also add operationStringReplaceStringStringWithoutSubstitution since we can know this information if replace string is a constant.
   And this is common case (Speedometer2.1's replace string does not include substitutions and it is constant).
3. We watch string watchpoint when performing strength reduction onto StringReplace + String case.

* JSTests/stress/replace-string-constant-fold-substitution.js: Added.
(shouldBe):
(test):
(test2):
* JSTests/stress/replace-string-substitution.js: Added.
(shouldBe):
(test):
(test2):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::stringReplaceStringString):
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::substituteBackreferencesSlow):
* Source/JavaScriptCore/runtime/StringPrototype.h:

Canonical link: https://commits.webkit.org/254217@main

More information about the webkit-changes mailing list