Repatch should be able to polymorphic call with arity fixup.

https://bugs.webkit.org/show_bug.cgi?id=240911 Reviewed by Saam Barati. Right now repatch will emit a virtual call any time it has a case that requires arity fixup. Instead it should just pick the arity fixup entrypoint. Canonical link: https://commits.webkit.org/251429@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@295423 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Jun 9, 2022 · dd561da0f60d3704e6401b582d846712950620f8 · dd561da
1 parent 5353474
commit dd561da0f60d3704e6401b582d846712950620f8
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/Source/JavaScriptCore/bytecode/Repatch.cpp b/Source/JavaScriptCore/bytecode/Repatch.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2022 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -1657,9 +1657,9 @@ void linkPolymorphicCall(JSGlobalObject* globalObject, CallFrame* callFrame, Cal
         if (variant.executable() && !variant.executable()->isHostFunction()) {
             ExecutableBase* executable = variant.executable();
             codeBlock = jsCast<FunctionExecutable*>(executable)->codeBlockForCall();
-            // If we cannot handle a callee, either because we don't have a CodeBlock or because arity mismatch,
+            // If we cannot handle a callee, because we don't have a CodeBlock,
             // assume that it's better for this whole thing to be a virtual call.
-            if (!codeBlock || callFrame->argumentCountIncludingThis() < static_cast<size_t>(codeBlock->numParameters()) || callLinkInfo.isVarargs()) {
+            if (!codeBlock) {
                 linkVirtualFor(vm, callFrame, callLinkInfo);
                 return;
             }
@@ -1813,8 +1813,16 @@ void linkPolymorphicCall(JSGlobalObject* globalObject, CallFrame* callFrame, Cal
             ASSERT(variant.executable()->hasJITCodeForCall());
 
             codePtr = jsToWasmICCodePtr(callLinkInfo.specializationKind(), variant.function());
-            if (!codePtr)
-                codePtr = variant.executable()->generatedJITCodeForCall()->addressForCall(ArityCheckNotRequired);
+            if (!codePtr) {
+                ArityCheckMode arityCheck = ArityCheckNotRequired;
+                if (auto* codeBlock = callCase.codeBlock()) {
+                    ASSERT(!variant.executable()->isHostFunction());
+                    if ((callFrame->argumentCountIncludingThis() < static_cast<size_t>(callCase.codeBlock()->numParameters()) || callLinkInfo.isVarargs()))
+                        arityCheck = MustCheckArity;
+
+                }
+                codePtr = variant.executable()->generatedJITCodeForCall()->addressForCall(arityCheck);
+            }
         } else {
             ASSERT(variant.internalFunction());
             codePtr = vm.getCTIInternalFunctionTrampolineFor(CodeForCall);