diff options
Diffstat (limited to 'Source/JavaScriptCore')
8 files changed, 61 insertions, 12 deletions
diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerARM.h b/Source/JavaScriptCore/assembler/MacroAssemblerARM.h index ce3369c23..749cbab11 100644 --- a/Source/JavaScriptCore/assembler/MacroAssemblerARM.h +++ b/Source/JavaScriptCore/assembler/MacroAssemblerARM.h @@ -704,14 +704,14 @@ public: Jump branchTest32(ResultCondition cond, RegisterID reg, RegisterID mask) { - ASSERT((cond == Zero) || (cond == NonZero)); + ASSERT(cond == Zero || cond == NonZero || cond == Signed || cond == PositiveOrZero); m_assembler.tst(reg, mask); return Jump(m_assembler.jmp(ARMCondition(cond))); } Jump branchTest32(ResultCondition cond, RegisterID reg, TrustedImm32 mask = TrustedImm32(-1)) { - ASSERT((cond == Zero) || (cond == NonZero)); + ASSERT(cond == Zero || cond == NonZero || cond == Signed || cond == PositiveOrZero); ARMWord w = m_assembler.getImm(mask.m_value, ARMRegisters::S0, true); if (w & ARMAssembler::Op2InvertedImmediate) m_assembler.bics(ARMRegisters::S0, reg, w & ~ARMAssembler::Op2InvertedImmediate); diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h b/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h index 3bc85bce9..337a82e93 100644 --- a/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h +++ b/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h @@ -1495,12 +1495,14 @@ public: Jump branchTest32(ResultCondition cond, RegisterID reg, RegisterID mask) { + ASSERT(cond == Zero || cond == NonZero || cond == Signed || cond == PositiveOrZero); m_assembler.tst(reg, mask); return Jump(makeBranch(cond)); } Jump branchTest32(ResultCondition cond, RegisterID reg, TrustedImm32 mask = TrustedImm32(-1)) { + ASSERT(cond == Zero || cond == NonZero || cond == Signed || cond == PositiveOrZero); test32(reg, mask); return Jump(makeBranch(cond)); } diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp index 64d7f63c9..c8dd0cb3f 100644 --- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp +++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp @@ -1369,12 +1369,22 @@ private: RefPtr<TypeSet> typeSet = node->typeLocation()->m_instructionTypeSet; RuntimeTypeMask seenTypes = typeSet->seenTypes(); if (typeSet->doesTypeConformTo(TypeMachineInt)) { - if (node->child1()->shouldSpeculateInt32()) + if (node->child1()->shouldSpeculateInt32()) { fixEdge<Int32Use>(node->child1()); - else + node->remove(); + break; + } + + if (enableInt52()) { fixEdge<MachineIntUse>(node->child1()); - node->remove(); - } else if (typeSet->doesTypeConformTo(TypeNumber | TypeMachineInt)) { + node->remove(); + break; + } + + // Must not perform fixEdge<NumberUse> here since the type set only includes TypeMachineInt. Double values should be logged. + } + + if (typeSet->doesTypeConformTo(TypeNumber | TypeMachineInt)) { fixEdge<NumberUse>(node->child1()); node->remove(); } else if (typeSet->doesTypeConformTo(TypeString)) { diff --git a/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp b/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp index 743a314d4..d7f60d1c5 100644 --- a/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp +++ b/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp @@ -1862,7 +1862,8 @@ private: ASSERT(def->value()); Node* result = def->value(); - + if (result->replacement()) + result = result->replacement(); ASSERT(!result->replacement()); m_localMapping.add(location, result); diff --git a/Source/JavaScriptCore/jit/ExecutableAllocator.h b/Source/JavaScriptCore/jit/ExecutableAllocator.h index 09b768bed..c5bc122eb 100644 --- a/Source/JavaScriptCore/jit/ExecutableAllocator.h +++ b/Source/JavaScriptCore/jit/ExecutableAllocator.h @@ -74,7 +74,9 @@ class DemandExecutableAllocator; #endif #if ENABLE(EXECUTABLE_ALLOCATOR_FIXED) -#if CPU(ARM) +#if defined(FIXED_EXECUTABLE_MEMORY_POOL_SIZE_IN_MB) && FIXED_EXECUTABLE_MEMORY_POOL_SIZE_IN_MB > 0 +static const size_t fixedExecutableMemoryPoolSize = FIXED_EXECUTABLE_MEMORY_POOL_SIZE_IN_MB * 1024 * 1024; +#elif CPU(ARM) static const size_t fixedExecutableMemoryPoolSize = 16 * 1024 * 1024; #elif CPU(ARM64) static const size_t fixedExecutableMemoryPoolSize = 32 * 1024 * 1024; diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp index ae1a6c28a..750a39418 100644 --- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp +++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp @@ -832,7 +832,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec) if (UNLIKELY(speciesResult.first == SpeciesConstructResult::Exception)) return JSValue::encode(jsUndefined()); - if (LIKELY(speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj))) { + if (LIKELY(speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == getLength(exec, thisObj))) { if (JSArray* result = asArray(thisObj)->fastSlice(*exec, begin, end - begin)) return JSValue::encode(result); } @@ -899,7 +899,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec) return JSValue::encode(jsUndefined()); JSObject* result = nullptr; - if (speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj)) + if (speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == getLength(exec, thisObj)) result = asArray(thisObj)->fastSlice(*exec, begin, deleteCount); if (!result) { diff --git a/Source/JavaScriptCore/runtime/CommonIdentifiers.h b/Source/JavaScriptCore/runtime/CommonIdentifiers.h index 2ca665fc3..5314f3111 100644 --- a/Source/JavaScriptCore/runtime/CommonIdentifiers.h +++ b/Source/JavaScriptCore/runtime/CommonIdentifiers.h @@ -28,18 +28,37 @@ // MarkedArgumentBuffer of property names, passed to a macro so we can do set them up various // ways without repeating the list. #define JSC_COMMON_IDENTIFIERS_EACH_PROPERTY_NAME(macro) \ + macro(AnimationTimeline) \ macro(Array) \ macro(ArrayBuffer) \ macro(ArrayIterator) \ + macro(Audio) \ macro(BYTES_PER_ELEMENT) \ macro(Boolean) \ macro(Collator) \ macro(Date) \ macro(DateTimeFormat) \ + macro(DocumentTimeline) \ macro(Error) \ macro(EvalError) \ macro(Function) \ + macro(Gamepad) \ + macro(GamepadButton) \ + macro(GamepadEvent) \ macro(GeneratorFunction) \ + macro(HTMLAudioElement) \ + macro(HTMLSlotElement) \ + macro(IDBCursor) \ + macro(IDBCursorWithValue) \ + macro(IDBDatabase) \ + macro(IDBFactory) \ + macro(IDBIndex) \ + macro(IDBKeyRange) \ + macro(IDBObjectStore) \ + macro(IDBOpenDBRequest) \ + macro(IDBRequest) \ + macro(IDBTransaction) \ + macro(IDBVersionChangeEvent) \ macro(Infinity) \ macro(Intl) \ macro(JSON) \ @@ -59,6 +78,7 @@ macro(RegExp) \ macro(Set)\ macro(SetIterator)\ + macro(ShadowRoot) \ macro(String) \ macro(Symbol) \ macro(SyntaxError) \ @@ -67,6 +87,7 @@ macro(UTC) \ macro(WeakMap)\ macro(WeakSet)\ + macro(WebSocket) \ macro(__defineGetter__) \ macro(__defineSetter__) \ macro(__lookupGetter__) \ @@ -216,6 +237,14 @@ macro(valueOf) \ macro(values) \ macro(webkit) \ + macro(webkitIDBCursor) \ + macro(webkitIDBDatabase) \ + macro(webkitIDBFactory) \ + macro(webkitIDBIndex) \ + macro(webkitIDBKeyRange) \ + macro(webkitIDBObjectStore) \ + macro(webkitIDBRequest) \ + macro(webkitIDBTransaction) \ macro(webkitIndexedDB) \ macro(weekday) \ macro(window) \ diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp index 730194f3a..3ac431777 100644 --- a/Source/JavaScriptCore/runtime/JSObject.cpp +++ b/Source/JavaScriptCore/runtime/JSObject.cpp @@ -1301,8 +1301,13 @@ bool JSObject::deleteProperty(JSCell* cell, ExecState* exec, PropertyName proper if (Optional<uint32_t> index = parseIndex(propertyName)) return thisObject->methodTable(vm)->deletePropertyByIndex(thisObject, exec, index.value()); - if (!thisObject->staticFunctionsReified()) - thisObject->reifyAllStaticProperties(exec); + if (!thisObject->staticFunctionsReified()) { + if (auto* entry = thisObject->findPropertyHashEntry(propertyName)) { + if (entry->attributes() & DontDelete) + return false; + thisObject->reifyAllStaticProperties(exec); + } + } unsigned attributes; if (isValidOffset(thisObject->structure(vm)->get(vm, propertyName, attributes))) { |