Title: [241753] trunk/Source/_javascript_Core
- Revision
- 241753
- Author
- [email protected]
- Date
- 2019-02-18 18:32:10 -0800 (Mon, 18 Feb 2019)
Log Message
Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq and CompareStrictEq nodes.
https://bugs.webkit.org/show_bug.cgi?id=194800
<rdar://problem/48183773>
Reviewed by Yusuke Suzuki.
Fix doesGC() for the following nodes:
CompareEq:
CompareLess:
CompareLessEq:
CompareGreater:
CompareGreaterEq:
CompareStrictEq:
Only return false (i.e. does not GC) for child node use kinds that have
been vetted to not do anything that can GC. For all other use kinds
(including StringUse and BigIntUse), we return true (i.e. does GC).
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (241752 => 241753)
--- trunk/Source/_javascript_Core/ChangeLog 2019-02-19 02:29:02 UTC (rev 241752)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-02-19 02:32:10 UTC (rev 241753)
@@ -1,3 +1,26 @@
+2019-02-18 Mark Lam <[email protected]>
+
+ Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq and CompareStrictEq nodes.
+ https://bugs.webkit.org/show_bug.cgi?id=194800
+ <rdar://problem/48183773>
+
+ Reviewed by Yusuke Suzuki.
+
+ Fix doesGC() for the following nodes:
+
+ CompareEq:
+ CompareLess:
+ CompareLessEq:
+ CompareGreater:
+ CompareGreaterEq:
+ CompareStrictEq:
+ Only return false (i.e. does not GC) for child node use kinds that have
+ been vetted to not do anything that can GC. For all other use kinds
+ (including StringUse and BigIntUse), we return true (i.e. does GC).
+
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+
2019-02-16 Darin Adler <[email protected]>
Continue reducing use of String::format, now focusing on hex: "%p", "%x", etc.
Modified: trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp (241752 => 241753)
--- trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2019-02-19 02:29:02 UTC (rev 241752)
+++ trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2019-02-19 02:32:10 UTC (rev 241753)
@@ -133,14 +133,8 @@
case CheckNotEmpty:
case AssertNotEmpty:
case CheckStringIdent:
- case CompareLess:
- case CompareLessEq:
- case CompareGreater:
- case CompareGreaterEq:
case CompareBelow:
case CompareBelowEq:
- case CompareEq:
- case CompareStrictEq:
case CompareEqPtr:
case ProfileType:
case ProfileControlFlow:
@@ -408,6 +402,46 @@
ASSERT(Options::usePollingTraps());
return true;
+ case CompareEq:
+ case CompareLess:
+ case CompareLessEq:
+ case CompareGreater:
+ case CompareGreaterEq:
+ if (node->isBinaryUseKind(Int32Use)
+#if USE(JSVALUE64)
+ || node->isBinaryUseKind(Int52RepUse)
+#endif
+ || node->isBinaryUseKind(DoubleRepUse)
+ || node->isBinaryUseKind(StringIdentUse)
+ )
+ return false;
+ if (node->op() == CompareEq) {
+ if (node->isBinaryUseKind(BooleanUse)
+ || node->isBinaryUseKind(SymbolUse)
+ || node->isBinaryUseKind(ObjectUse)
+ || node->isBinaryUseKind(ObjectUse, ObjectOrOtherUse) || node->isBinaryUseKind(ObjectOrOtherUse, ObjectUse))
+ return false;
+ }
+ return true;
+
+ case CompareStrictEq:
+ if (node->isBinaryUseKind(BooleanUse)
+ || node->isBinaryUseKind(Int32Use)
+#if USE(JSVALUE64)
+ || node->isBinaryUseKind(Int52RepUse)
+#endif
+ || node->isBinaryUseKind(DoubleRepUse)
+ || node->isBinaryUseKind(SymbolUse)
+ || node->isBinaryUseKind(SymbolUse, UntypedUse)
+ || node->isBinaryUseKind(UntypedUse, SymbolUse)
+ || node->isBinaryUseKind(StringIdentUse)
+ || node->isBinaryUseKind(ObjectUse, UntypedUse) || node->isBinaryUseKind(UntypedUse, ObjectUse)
+ || node->isBinaryUseKind(ObjectUse)
+ || node->isBinaryUseKind(MiscUse, UntypedUse) || node->isBinaryUseKind(UntypedUse, MiscUse)
+ || node->isBinaryUseKind(StringIdentUse, NotStringVarUse) || node->isBinaryUseKind(NotStringVarUse, StringIdentUse))
+ return false;
+ return true;
+
case GetIndexedPropertyStorage:
case GetByVal:
if (node->arrayMode().type() == Array::String)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
