[webkit-changes] [90854] trunk/Source/JavaScriptCore

Tue, 12 Jul 2011 14:52:05 -0700

Title: [90854] trunk/Source/_javascript_Core
Revision
90854
Author
[email protected]
Date
2011-07-12 14:51:52 -0700 (Tue, 12 Jul 2011)

Log Message

DFG JIT put_by_id transition caching does not inform the GC about the structure and
prototype chain that it is referencing.
https://bugs.webkit.org/show_bug.cgi?id=64387

Patch by Filip Pizlo <[email protected]> on 2011-07-12
Reviewed by Gavin Barraclough.

Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().

* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCachePutByID):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (90853 => 90854)


--- trunk/Source/_javascript_Core/ChangeLog	2011-07-12 21:46:35 UTC (rev 90853)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-07-12 21:51:52 UTC (rev 90854)
@@ -1,3 +1,16 @@
+2011-07-12  Filip Pizlo  <[email protected]>
+
+        DFG JIT put_by_id transition caching does not inform the GC about the structure and
+        prototype chain that it is referencing.
+        https://bugs.webkit.org/show_bug.cgi?id=64387
+
+        Reviewed by Gavin Barraclough.
+        
+        Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
+
+        * dfg/DFGRepatch.cpp:
+        (JSC::DFG::tryCachePutByID):
+
 2011-07-12  Adam Roben  <[email protected]>
 
         Ensure no intermediate WTF::Strings are created when concatenating with string literals

Modified: trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp (90853 => 90854)


--- trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp	2011-07-12 21:46:35 UTC (rev 90853)
+++ trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp	2011-07-12 21:51:52 UTC (rev 90854)
@@ -413,6 +413,8 @@
             repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.deltaCallToStructCheck), entryLabel);
             repatchBuffer.relink(stubInfo.callReturnLocation, appropriatePutByIdFunction(slot, putKind));
             
+            stubInfo.initPutByIdTransition(*globalData, codeBlock->ownerExecutable(), oldStructure, structure, prototypeChain);
+            
             return true;
         }
 

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to