[webkit-changes] [WebKit/WebKit] d83a31: [JSC] Allow CellOrOther for PutByVal etc.
Yusuke Suzuki
noreply at github.com
Tue May 30 10:41:23 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d83a310241bca5f8d7c37e50492e0c0a5613aa64
https://github.com/WebKit/WebKit/commit/d83a310241bca5f8d7c37e50492e0c0a5613aa64
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Log Message:
-----------
[JSC] Allow CellOrOther for PutByVal etc.
https://bugs.webkit.org/show_bug.cgi?id=257446
rdar://109962428
Reviewed by Alexey Shvayka.
It is common that PutByVal's base is speculated as CellOrOther since it can be null or undefined in some path.
But we can safely speculate the type as CellUse even in that case since, if this type check fails, anyway,
PutByVal fails since base is null or undefined. So, CellOrOther prediction case does not actually offer undefined or null.
In this patch, we check frequent exit reason for extra defense, but use CellUse as a speculation for CellOrOther for
PutByVal etc.
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
Canonical link: https://commits.webkit.org/264683@main
More information about the webkit-changes
mailing list