Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cherry-pick 275255@main (3790f1e). https://bugs.webkit.org/show_bug.c…
…gi?id=246274 [JSC] Don't optimize String.prototype.replace for RegExp searchValue with non-numeric lastIndex. https://bugs.webkit.org/show_bug.cgi?id=246274 Reviewed by Alexey Shvayka. In DFGByteCodeParser, String.prototype.replace with a RegExp object as searchValue is inlined into a StringReplace node. So after DFG, lastIndex is no longer read and updated. Therefore, searchValue.lastIndex.toString is no longer invoked. This patch changes the code so that it doesn't inline if searchValue.lastIndex isn't numeric. https://tc39.es/ecma262/#sec-string.prototype.replace * JSTests/stress/string-replace-regexp-deopt-lastindex.js: Added. (shouldBe): (foo.regexLastIndex.toString): (foo): * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::addStringReplacePrimordialChecks): Canonical link: https://commits.webkit.org/275255@main Canonical link: https://commits.webkit.org/274313.184@webkitglib/2.44
- Loading branch information