Title: [241772] trunk/Source/JavaScriptCore
Revision: 241772
Author: [email protected]
Date: 2019-02-19 14:03:54 -0800 (Tue, 19 Feb 2019)

Log Message

Fix DFG doesGC() for TryGetById and ProfileType nodes.
https://bugs.webkit.org/show_bug.cgi?id=194821
<rdar://problem/48206690>

Reviewed by Saam Barati.

Fix doesGC() for the following nodes:

    ProfileType:
        calls operationProcessTypeProfilerLogDFG(), which can call calculatedClassName(),
        which can call JSString::tryGetValue(), which can resolve a rope.

    TryGetById:
        calls operationTryGetByIdOptimize(), which can startWatchingPropertyForReplacements()
        on a structure, which can allocate StructureRareData.

* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (241771 => 241772)


--- trunk/Source/_javascript_Core/ChangeLog	2019-02-19 21:47:13 UTC (rev 241771)
+++ trunk/Source/_javascript_Core/ChangeLog	2019-02-19 22:03:54 UTC (rev 241772)
@@ -1,3 +1,24 @@
+2019-02-19  Mark Lam  <[email protected]>
+
+        Fix DFG doesGC() for TryGetById and ProfileType nodes.
+        https://bugs.webkit.org/show_bug.cgi?id=194821
+        <rdar://problem/48206690>
+
+        Reviewed by Saam Barati.
+
+        Fix doesGC() for the following nodes:
+
+            ProfileType:
+                calls operationProcessTypeProfilerLogDFG(), which can calculatedClassName(),
+                which can call JSString::tryGetValue(), which can resolve a rope.
+
+            TryGetById:
+                calls operationTryGetByIdOptimize(), which can startWatchingPropertyForReplacements()
+                on a structure, which can allocate StructureRareData.
+
+        * dfg/DFGDoesGC.cpp:
+        (JSC::DFG::doesGC):
+
 2019-02-18  Yusuke Suzuki  <[email protected]>
 
         [JSC] Introduce JSNonDestructibleProxy for _javascript_Core.framework's GlobalThis
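
Review bot: In the ProfileType paragraph of this entry, "which can calculatedClassName()" is missing its verb; it should read "which can call calculatedClassName()", matching the next line's "which can call JSString::tryGetValue()". Separately, the entry lists only dfg/DFGDoesGC.cpp, so no regression test accompanies the fix. If either call chain can be reached from script, a test for each node would keep ProfileType and TryGetById from drifting back into the wrong group of doesGC().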

Modified: trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp (241771 => 241772)


--- trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp	2019-02-19 21:47:13 UTC (rev 241771)
+++ trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp	2019-02-19 22:03:54 UTC (rev 241772)
@@ -109,7 +109,6 @@
     case ArithTrunc:
     case ArithFRound:
     case ArithUnary:
-    case TryGetById:
     case CheckStructure:
     case CheckStructureOrEmpty:
     case CheckStructureImmediate:
@@ -136,7 +135,6 @@
     case CompareBelow:
     case CompareBelowEq:
     case CompareEqPtr:
-    case ProfileType:
     case ProfileControlFlow:
     case OverridesHasInstance:
     case IsEmpty:
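
Review bot: ProfileControlFlow stays in this group directly after the removed ProfileType line, and the log message does not say whether it was audited. Please confirm that its code path cannot allocate or resolve a rope the way operationProcessTypeProfilerLogDFG() can, and record the result in the ChangeLog so the two profiling nodes are not assumed to behave alike.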
@@ -293,6 +291,7 @@
     case LoadVarargs:
     case NumberToStringWithRadix:
     case NumberToStringWithValidRadixConstant:
+    case ProfileType:
     case PutById:
     case PutByIdDirect:
     case PutByIdFlush:
@@ -327,6 +326,7 @@
     case ToObject:
     case ToPrimitive:
     case ToThis:
+    case TryGetById:
     case CreateThis:
     case ObjectCreate:
     case ObjectKeys:
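
Review bot: The new "case TryGetById:" sits between ToThis and CreateThis with nothing at the label saying why it can GC; the reason (operationTryGetByIdOptimize() can call startWatchingPropertyForReplacements(), which can allocate StructureRareData) exists only in the ChangeLog. A one-line comment at the case, and the same for "case ProfileType:" in the previous hunk, would let the next audit of this switch check the classification without digging through history.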