Skip to site navigation (Press enter)

[webkit-changes] [286390] trunk/Source/JavaScriptCore

ysuzuki Wed, 01 Dec 2021 15:16:34 -0800

Title: [286390] trunk/Source/_javascript_Core

Revision: 286390
Author: [email protected]
Date: 2021-12-01 15:15:43 -0800 (Wed, 01 Dec 2021)

Log Message

[JSC] RegExpTestInline DFG / FTL nodes should introduce a write-barrier
https://bugs.webkit.org/show_bug.cgi?id=233716


Reviewed by Michael Saboff.

Since RegExpTestInline fast path stores cells into JSGlobalObject's RegExpCachedResult field,
we need to consider about inserting a write-barrier onto JSGlobalObject.
This patch adds RegExpTestInline to DFGStoreBarrierInsertionPhase so that DFG / FTL inserts
a write-barrier appropriately.

* dfg/DFGStoreBarrierInsertionPhase.cpp:

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGStoreBarrierInsertionPhase.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (286389 => 286390)


--- trunk/Source/_javascript_Core/ChangeLog	2021-12-01 23:03:24 UTC (rev 286389)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-12-01 23:15:43 UTC (rev 286390)
@@ -1,3 +1,17 @@
+2021-12-01  Yusuke Suzuki  <[email protected]>
+
+        [JSC] RegExpTestInline DFG / FTL nodes should introduce a write-barrier
+        https://bugs.webkit.org/show_bug.cgi?id=233716
+
+        Reviewed by Michael Saboff.
+
+        Since RegExpTestInline fast path stores cells into JSGlobalObject's RegExpCachedResult field,
+        we need to consider about inserting a write-barrier onto JSGlobalObject.
+        This patch adds RegExpTestInline to DFGStoreBarrierInsertionPhase so that DFG / FTL inserts
+        a write-barrier appropriately.
+
+        * dfg/DFGStoreBarrierInsertionPhase.cpp:
+
 2021-12-01  Keith Miller  <[email protected]>
 
         Add static_assert the value we use to initialize a StructureID buffer should be 0.

Modified: trunk/Source/_javascript_Core/dfg/DFGStoreBarrierInsertionPhase.cpp (286389 => 286390)


--- trunk/Source/_javascript_Core/dfg/DFGStoreBarrierInsertionPhase.cpp	2021-12-01 23:03:24 UTC (rev 286389)
+++ trunk/Source/_javascript_Core/dfg/DFGStoreBarrierInsertionPhase.cpp	2021-12-01 23:15:43 UTC (rev 286390)
@@ -308,6 +308,11 @@
                 break;
             }
 
+            case RegExpTestInline: {
+                considerBarrier(m_node->child1());
+                break;
+            }
+
             case RecordRegExpCachedResult: {
                 considerBarrier(m_graph.varArgChild(m_node, 0));
                 break;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes