• Benedikt Meurer's avatar
    [ic] Add OOB support to KeyedLoadIC. · 6dc35ab4
    Benedikt Meurer authored
    This adds support to the KeyedLoadIC to ignore out of bounds accesses
    for Strings and return undefined instead. We add a dedicated bit to the
    Smi handler to encode the OOB state and have TurboFan generate appropriate
    code for that case as well. This is mostly useful when programs
    accidentially access past the length of a string, which was observed and
    fixed for example in Babel recently, see
    
      https://github.com/babel/babel/pull/6589
    
    for details. The idea is to also extend this mechanism to Arrays and
    maybe other receivers, as reading beyond the length is also often used
    in jQuery and other popular libraries.
    
    Note that this is considered a mitigation for a performance cliff and
    not a general optimization of OOB accesses. These should still be
    avoided and handled properly instead.
    
    This seems to further improve the babel test on the web-tooling-benchmark
    by around 1%, because the OOB access no longer turns the otherwise
    MONOMORPHIC access into MEGAMORPHIC state.
    
    Bug: v8:6936, v8:7014
    Change-Id: I9df03304e056d7001a65da8e9621119f8e9bb55b
    Reviewed-on: https://chromium-review.googlesource.com/744022
    Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
    Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
    Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
    Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#49049}
    6dc35ab4
js-native-context-specialization.h 10.5 KB