Google Git
Sign in
webkit / WebKit / 151e9aff840c7eefdbe386d1f0b40f1c4f754af9
commit151e9aff840c7eefdbe386d1f0b40f1c4f754af9[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Aug 16 02:30:37 2013 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Aug 16 02:30:37 2013 +0000
tree90df8ec7deef4dad4e277b6e070fab0b15098dbd
parent315b982437235e44e7fa670fe19290b00d4579d6 [diff]
Sometimes, the DFG uses a GetById for typed array length accesses despite profiling data that indicates that it's a typed array length access
https://bugs.webkit.org/show_bug.cgi?id=119874

Reviewed by Oliver Hunt and Mark Hahnenberg.
        
It was a confusion between heuristics in DFG::ArrayMode that are assuming that
you'll use ForceExit if array profiles are empty, the JIT creating empty profiles
sometimes for typed array length accesses, and the FixupPhase assuming that a
ForceExit ArrayMode means that it should continue using a generic GetById.

This fixes the confusion.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154157 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2 files changed
tree: 90df8ec7deef4dad4e277b6e070fab0b15098dbd
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. .qmake.conf
  14. autogen.sh
  15. ChangeLog
  16. ChangeLog-2012-05-22
  17. CMakeLists.txt
  18. configure.ac
  19. GNUmakefile.am
  20. Makefile
  21. Makefile.shared
  22. WebKit.pro