[webkit-changes] [WebKit/WebKit] 293d5d: [JSC] DFG String#charAt should support out-of-bounds
Yusuke Suzuki
noreply at github.com
Tue Jun 27 19:58:03 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 293d5d8cb3904456aa590d93825f4378bd104182
https://github.com/WebKit/WebKit/commit/293d5d8cb3904456aa590d93825f4378bd104182
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-06-27 (Tue, 27 Jun 2023)
Changed paths:
A JSTests/stress/string-charat-oob.js
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
[JSC] DFG String#charAt should support out-of-bounds
https://bugs.webkit.org/show_bug.cgi?id=201678
rdar://111421698
Reviewed by Keith Miller.
This patch adds String#charAt OOB handling. Unlike `string[0]` case,
String#charAt always returns empty string when it is out-of-bounds index.
This is great since,
1. DFG AI just says it returns string regardless of whether it is OOB.
2. We do not need to consider OutOfBounds OSR exit. Let's just return empty string if it is OOB.
* JSTests/stress/string-charat-oob.js: Added.
(shouldBe):
(test):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAtImpl):
Canonical link: https://commits.webkit.org/265572@main
More information about the webkit-changes
mailing list