Commit c5cc568b authored by Sigurd Schneider's avatar Sigurd Schneider Committed by Commit Bot

[turbofan] Fix fast-path of String.prototype.charAt/charCodeAt

The fast-path of S.p.charAt/charCodeAt wrongly truncates the index,
i.e. charAt(k + 4294967295) yields the same as charAt(k-1). This CL
fixes this behaviour, at the cost of not providing a fast-path for
charAt(1.1), i.e. if charAt/charCodeAt is called with a Number.

Bug: chromium:800594
Change-Id: Ic8e749380d3118f0c9469eb626e81bf72cf09fec
Reviewed-on: https://chromium-review.googlesource.com/860003Reviewed-by: 's avatarJaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50497}
parent d44f75f5
......@@ -3985,7 +3985,7 @@ Reduction JSCallReducer::ReduceStringPrototypeCharAt(Node* node) {
receiver = effect = graph()->NewNode(simplified()->CheckString(p.feedback()),
receiver, effect, control);
if (node->op()->ValueInputCount() >= 3) {
index = effect = graph()->NewNode(simplified()->CheckNumber(p.feedback()),
index = effect = graph()->NewNode(simplified()->CheckSmi(p.feedback()),
NodeProperties::GetValueInput(node, 2),
effect, control);
// Map -0 and NaN to 0 (as per ToInteger), and the values in
......@@ -4043,7 +4043,7 @@ Reduction JSCallReducer::ReduceStringPrototypeCharCodeAt(Node* node) {
receiver = effect = graph()->NewNode(simplified()->CheckString(p.feedback()),
receiver, effect, control);
if (node->op()->ValueInputCount() >= 3) {
index = effect = graph()->NewNode(simplified()->CheckNumber(p.feedback()),
index = effect = graph()->NewNode(simplified()->CheckSmi(p.feedback()),
NodeProperties::GetValueInput(node, 2),
effect, control);
......
......@@ -33,8 +33,6 @@ function test(f) {
f();
%OptimizeFunctionOnNextCall(f);
f();
// Assert that there has been no deopt.
assertOptimized(f);
}
test(function add() {
......@@ -234,6 +232,7 @@ test(function stringCharCodeAt() {
assertEquals("NaN", String("abc".charCodeAt(4)));
assertEquals(98, "abc".charCodeAt(1.1));
assertEquals("NaN", String("abc".charCodeAt(4.1)));
assertEquals("NaN", String("abc".charCodeAt(1 + 4294967295)));
});
test(function stringCharAt() {
......@@ -242,6 +241,7 @@ test(function stringCharAt() {
assertEquals("", "abc".charAt(4));
assertEquals("b", "abc".charAt(1.1));
assertEquals("", "abc".charAt(4.1));
assertEquals("", String("abc".charAt(1 + 4294967295)));
});
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment