[webkit-changes] [WebKit/WebKit] 3790f1: [JSC] Don't optimize String.prototype.replace for ...
SUZUKI Sosuke
noreply at github.com
Fri Feb 23 13:29:41 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3790f1e3cc0a7b0e02528d3440e588a491b28be4
https://github.com/WebKit/WebKit/commit/3790f1e3cc0a7b0e02528d3440e588a491b28be4
Author: Sosuke Suzuki <sosuke.suzuki at dr-ubie.com>
Date: 2024-02-23 (Fri, 23 Feb 2024)
Changed paths:
A JSTests/stress/string-replace-regexp-deopt-lastindex.js
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Log Message:
-----------
[JSC] Don't optimize String.prototype.replace for RegExp searchValue with non-numeric lastIndex.
https://bugs.webkit.org/show_bug.cgi?id=246274
Reviewed by Alexey Shvayka.
In DFGByteCodeParser, String.prototype.replace with a RegExp object as searchValue is inlined into a StringReplace node.
So after DFG, lastIndex is no longer read and updated. Therefore, searchValue.lastIndex.toString is no longer invoked.
This patch changes the code so that it doesn't inline if searchValue.lastIndex isn't numeric.
https://tc39.es/ecma262/#sec-string.prototype.replace
* JSTests/stress/string-replace-regexp-deopt-lastindex.js: Added.
(shouldBe):
(foo.regexLastIndex.toString):
(foo):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::addStringReplacePrimordialChecks):
Canonical link: https://commits.webkit.org/275255@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list