Title: [280050] trunk
- Revision
- 280050
- Author
- [email protected]
- Date
- 2021-07-19 15:17:56 -0700 (Mon, 19 Jul 2021)
Log Message
[JSC] InByStatus / InByVariant should visit CacheableIdentifier
https://bugs.webkit.org/show_bug.cgi?id=228088
rdar://80794604
Reviewed by Mark Lam.
JSTests:
* stress/in-by-variant-should-mark-cacheable-identifier.js: Added.
(foo):
(let.handler.has):
Source/_javascript_Core:
After r278445, InByVariant holds CacheableIdentifier. And this can have
String/Symbol cells if this variant is generated by in_by_val. In that
case, we must visit this cell as GetByStatus / GetByVariant are doing.
* bytecode/InByStatus.cpp:
(JSC::InByStatus::visitAggregateImpl):
* bytecode/InByStatus.h:
* bytecode/InByVariant.cpp:
(JSC::InByVariant::visitAggregateImpl):
* bytecode/InByVariant.h:
* bytecode/RecordedStatuses.cpp:
(JSC::RecordedStatuses::visitAggregateImpl):
Modified Paths
Added Paths
Diff
Modified: trunk/JSTests/ChangeLog (280049 => 280050)
--- trunk/JSTests/ChangeLog 2021-07-19 22:01:03 UTC (rev 280049)
+++ trunk/JSTests/ChangeLog 2021-07-19 22:17:56 UTC (rev 280050)
@@ -1,3 +1,15 @@
+2021-07-19 Yusuke Suzuki <[email protected]>
+
+ [JSC] InByStatus / InByVariant should visit CacheableIdentifier
+ https://bugs.webkit.org/show_bug.cgi?id=228088
+ rdar://80794604
+
+ Reviewed by Mark Lam.
+
+ * stress/in-by-variant-should-mark-cacheable-identifier.js: Added.
+ (foo):
+ (let.handler.has):
+
2021-07-16 Yusuke Suzuki <[email protected]>
[JSC] Simplify sampling-profiler-regexp.js test
Added: trunk/JSTests/stress/in-by-variant-should-mark-cacheable-identifier.js (0 => 280050)
--- trunk/JSTests/stress/in-by-variant-should-mark-cacheable-identifier.js (rev 0)
+++ trunk/JSTests/stress/in-by-variant-should-mark-cacheable-identifier.js 2021-07-19 22:17:56 UTC (rev 280050)
@@ -0,0 +1,24 @@
+//@ runDefault("--slowPathAllocsBetweenGCs=13")
+function foo(object) {
+ 'hello' in object;
+}
+
+let handler = {
+ has(_, keyArg) {
+ keyArg in targetObject;
+ }
+};
+let targetObject = {};
+let proxy = new Proxy(targetObject, handler);
+for (let i = 0; i < 10000; ++i) {
+ foo(proxy);
+}
+targetObject.hello = undefined;
+gc();
+for (let i = 0; i < 10000; ++i) {
+ foo(proxy);
+}
+delete targetObject?.hello;
+for (let i = 0; i < 100000; ++i) {
+ foo(proxy);
+}
Modified: trunk/Source/_javascript_Core/ChangeLog (280049 => 280050)
--- trunk/Source/_javascript_Core/ChangeLog 2021-07-19 22:01:03 UTC (rev 280049)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-07-19 22:17:56 UTC (rev 280050)
@@ -1,3 +1,24 @@
+2021-07-19 Yusuke Suzuki <[email protected]>
+
+ [JSC] InByStatus / InByVariant should visit CacheableIdentifier
+ https://bugs.webkit.org/show_bug.cgi?id=228088
+ rdar://80794604
+
+ Reviewed by Mark Lam.
+
+ After r278445, InByVariant holds CacheableIdentifier. And this can have
+ String/Symbol cells if this variant is generated by in_by_val. In that
+ case, we must visit this cell as GetByStatus / GetByVariant are doing.
+
+ * bytecode/InByStatus.cpp:
+ (JSC::InByStatus::visitAggregateImpl):
+ * bytecode/InByStatus.h:
+ * bytecode/InByVariant.cpp:
+ (JSC::InByVariant::visitAggregateImpl):
+ * bytecode/InByVariant.h:
+ * bytecode/RecordedStatuses.cpp:
+ (JSC::RecordedStatuses::visitAggregateImpl):
+
2021-07-16 Yijia Huang <[email protected]>
Add ExtendType to Air::Arg Index to fully utilize address computation in memory instruction for ARM64
Modified: trunk/Source/_javascript_Core/bytecode/InByStatus.cpp (280049 => 280050)
--- trunk/Source/_javascript_Core/bytecode/InByStatus.cpp 2021-07-19 22:01:03 UTC (rev 280049)
+++ trunk/Source/_javascript_Core/bytecode/InByStatus.cpp 2021-07-19 22:17:56 UTC (rev 280050)
@@ -262,6 +262,15 @@
}
template<typename Visitor>
+void InByStatus::visitAggregateImpl(Visitor& visitor)
+{
+ for (InByVariant& variant : m_variants)
+ variant.visitAggregate(visitor);
+}
+
+DEFINE_VISIT_AGGREGATE(InByStatus);
+
+template<typename Visitor>
void InByStatus::markIfCheap(Visitor& visitor)
{
for (InByVariant& variant : m_variants)
Modified: trunk/Source/_javascript_Core/bytecode/InByStatus.h (280049 => 280050)
--- trunk/Source/_javascript_Core/bytecode/InByStatus.h 2021-07-19 22:01:03 UTC (rev 280049)
+++ trunk/Source/_javascript_Core/bytecode/InByStatus.h 2021-07-19 22:17:56 UTC (rev 280050)
@@ -104,6 +104,7 @@
// Attempts to reduce the set of variants to fit the given structure set. This may be approximate.
void filter(const StructureSet&);
+ DECLARE_VISIT_AGGREGATE;
template<typename Visitor> void markIfCheap(Visitor&);
bool finalize(VM&);
Modified: trunk/Source/_javascript_Core/bytecode/InByVariant.cpp (280049 => 280050)
--- trunk/Source/_javascript_Core/bytecode/InByVariant.cpp 2021-07-19 22:01:03 UTC (rev 280049)
+++ trunk/Source/_javascript_Core/bytecode/InByVariant.cpp 2021-07-19 22:17:56 UTC (rev 280050)
@@ -74,6 +74,14 @@
}
template<typename Visitor>
+void InByVariant::visitAggregateImpl(Visitor& visitor)
+{
+ m_identifier.visitAggregate(visitor);
+}
+
+DEFINE_VISIT_AGGREGATE(InByVariant);
+
+template<typename Visitor>
void InByVariant::markIfCheap(Visitor& visitor)
{
m_structureSet.markIfCheap(visitor);
Modified: trunk/Source/_javascript_Core/bytecode/InByVariant.h (280049 => 280050)
--- trunk/Source/_javascript_Core/bytecode/InByVariant.h 2021-07-19 22:01:03 UTC (rev 280049)
+++ trunk/Source/_javascript_Core/bytecode/InByVariant.h 2021-07-19 22:17:56 UTC (rev 280050)
@@ -58,6 +58,7 @@
bool attemptToMerge(const InByVariant& other);
+ DECLARE_VISIT_AGGREGATE;
template<typename Visitor> void markIfCheap(Visitor&);
bool finalize(VM&);
Modified: trunk/Source/_javascript_Core/bytecode/RecordedStatuses.cpp (280049 => 280050)
--- trunk/Source/_javascript_Core/bytecode/RecordedStatuses.cpp 2021-07-19 22:01:03 UTC (rev 280049)
+++ trunk/Source/_javascript_Core/bytecode/RecordedStatuses.cpp 2021-07-19 22:17:56 UTC (rev 280050)
@@ -107,6 +107,8 @@
{
for (auto& pair : gets)
pair.second->visitAggregate(visitor);
+ for (auto& pair : ins)
+ pair.second->visitAggregate(visitor);
for (auto& pair : deletes)
pair.second->visitAggregate(visitor);
for (auto& pair : checkPrivateBrands)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
