Title: [241033] branches/safari-607-branch
- Revision
- 241033
- Author
- mark....@apple.com
- Date
- 2019-02-06 11:23:58 -0800 (Wed, 06 Feb 2019)
Log Message
Cherry-pick r240917. rdar://problem/47810465
2019-02-03 Mark Lam <mark....@apple.com>
DFG's doesGC() is incorrect about the SameValue node's behavior.
https://bugs.webkit.org/show_bug.cgi?id=194211
<rdar://problem/47608913>
Reviewed by Saam Barati.
Only the DoubleRepUse case is guaranteed to not GC. The other case may GC because
it calls operationSameValue() which may allocate memory for resolving ropes.
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
Modified Paths
Property Changed
Diff
Index: branches/safari-607-branch
===================================================================
--- branches/safari-607-branch 2019-02-06 19:09:55 UTC (rev 241032)
+++ branches/safari-607-branch 2019-02-06 19:23:58 UTC (rev 241033)
Property changes: branches/safari-607-branch
Modified: svn:mergeinfo
-/trunk:53455,239940,240329,240335,240616
\ No newline at end of property
+/trunk:53455,239940,240329,240335,240616,240917
\ No newline at end of property
Modified: branches/safari-607-branch/Source/_javascript_Core/ChangeLog (241032 => 241033)
--- branches/safari-607-branch/Source/_javascript_Core/ChangeLog 2019-02-06 19:09:55 UTC (rev 241032)
+++ branches/safari-607-branch/Source/_javascript_Core/ChangeLog 2019-02-06 19:23:58 UTC (rev 241033)
@@ -1,3 +1,21 @@
+2019-02-06 Mark Lam <mark....@apple.com>
+
+ Cherry-pick r240917. rdar://problem/47810465
+
+ 2019-02-03 Mark Lam <mark....@apple.com>
+
+ DFG's doesGC() is incorrect about the SameValue node's behavior.
+ https://bugs.webkit.org/show_bug.cgi?id=194211
+ <rdar://problem/47608913>
+
+ Reviewed by Saam Barati.
+
+ Only the DoubleRepUse case is guaranteed to not GC. The other case may GC because
+ it calls operationSameValue() which may allocate memory for resolving ropes.
+
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+
2019-01-28 Mark Lam <mark....@apple.com>
Cherry-pick r240616. rdar://problem/47774497
Modified: branches/safari-607-branch/Source/_javascript_Core/dfg/DFGDoesGC.cpp (241032 => 241033)
--- branches/safari-607-branch/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2019-02-06 19:09:55 UTC (rev 241032)
+++ branches/safari-607-branch/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2019-02-06 19:23:58 UTC (rev 241033)
@@ -162,7 +162,6 @@
case CompareEq:
case CompareStrictEq:
case CompareEqPtr:
- case SameValue:
case Call:
case DirectCall:
case TailCallInlinedCaller:
@@ -412,6 +411,11 @@
case MultiPutByOffset:
return node->multiPutByOffsetData().reallocatesStorage();
+ case SameValue:
+ if (node->isBinaryUseKind(DoubleRepUse))
+ return false;
+ return true;
+
case LastNodeType:
RELEASE_ASSERT_NOT_REACHED();
return true;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
