Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0fa56ec28b9251f4d6b73e7e963f27838c828bf6
https://github.com/WebKit/WebKit/commit/0fa56ec28b9251f4d6b73e7e963f27838c828bf6
Author: Michael Saboff <[email protected]>
Date: 2023-12-18 (Mon, 18 Dec 2023)
Changed paths:
A JSTests/stress/arrow-function-captured-arguments-aliased.js
M Source/JavaScriptCore/bytecode/CodeBlock.cpp
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
M Source/JavaScriptCore/runtime/GetPutInfo.h
M Source/JavaScriptCore/runtime/ScopedArguments.h
M Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp
M Source/JavaScriptCore/runtime/ScopedArgumentsTable.h
M Source/JavaScriptCore/runtime/SymbolTable.cpp
M Source/JavaScriptCore/runtime/SymbolTable.h
Log Message:
-----------
Scoped Arguments needs to alias between named and unnamed accesses and
across nested scopes
https://bugs.webkit.org/show_bug.cgi?id=261934
rdar://114925088
Reviewed by Yusuke Suzuki.
Fixed issue where an access to a named argument and a separate access via its
argument[i] counterpart weren't recognized throughout all JIT tiers as
accesses to the same scoped value. The DFG bytecode parser can unknowingly
constant fold the read access.
Added aliasing via the SymbolTable and its ScopedArgumentsTable for both types
of accesses of such values.
related objects
Added watchpoints for scoped arguments, and shared the watchpoint from the
SymbolTableEntry for the named parameter with the ScopedArgument entry for the
matching index. Tagged op_put_to_scope bytecodes with a new
ScopedArgumentInitialization initialization type in GetPutInfo to signify this
shared watchpoint case. Since currently all tiers write to scoped arguments
via ScopedArguments::setIndexQuickly(), that is where we fire its watchpoint.
Added a new test.
* JSTests/stress/arrow-function-captured-arguments-aliased.js: New test.
(createOptAll):
(createOpt500):
(createOpt2000):
(createOpt5000):
(main):
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:
* Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:
* Source/JavaScriptCore/runtime/GetPutInfo.h:
(JSC::initializationModeName):
(JSC::isInitialization):
* Source/JavaScriptCore/runtime/ScopedArguments.h:
* Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp:
(JSC::ScopedArgumentsTable::tryCreate):
(JSC::ScopedArgumentsTable::tryClone):
(JSC::ScopedArgumentsTable::trySetLength):
(JSC::ScopedArgumentsTable::trySetWatchpointSet):
* Source/JavaScriptCore/runtime/ScopedArgumentsTable.h:
* Source/JavaScriptCore/runtime/SymbolTable.h:
Originally-landed-as: 267815.345@safari-7617-branch (99b8814b73d1).
rdar://119594814
Canonical link: https://commits.webkit.org/272253@main
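
Added example, not part of this commit or of WebKit's test suite: a JavaScript check of the language-level invariant the log message describes, namely that a named parameter and its arguments[i] counterpart, both captured by arrow functions, are one value no matter which view is read hot and which is written. The helper names (makeAccessors, writeThroughOtherView, aliasingHolds) and the warm-up count are assumptions chosen for illustration.

```javascript
// The outer function is built with the Function constructor so that it is
// sloppy-mode code even when this file is loaded as a module. Strict functions
// get an unmapped arguments object, which has no aliasing to check.
const makeAccessors = new Function("a", "b", `
  return {
    readNamed: () => a,                         // named access
    readIndexed: () => arguments[0],            // unnamed access, same slot
    writeNamed: (v) => { a = v; },
    writeIndexed: (v) => { arguments[0] = v; },
  };
`);

// Reads one view repeatedly (so an optimizing tier may treat it as stable),
// writes once through the other view, then reports what each view returns.
function writeThroughOtherView(direction, warmupReads) {
  const acc = makeAccessors(1, 2); // constructed sample values
  const indexedToNamed = direction === "indexed-to-named";
  const read = indexedToNamed ? acc.readNamed : acc.readIndexed;
  const write = indexedToNamed ? acc.writeIndexed : acc.writeNamed;
  for (let i = 0; i < warmupReads; i++) {
    if (read() !== 1) throw new Error("value changed before any write");
  }
  write(42);
  return { named: acc.readNamed(), indexed: acc.readIndexed() };
}

// True when both directions observe the write through both views.
function aliasingHolds(warmupReads = 100000) {
  return ["indexed-to-named", "named-to-indexed"].every((direction) => {
    const seen = writeThroughOtherView(direction, warmupReads);
    return seen.named === 42 && seen.indexed === 42;
  });
}
```

A conforming engine returns true from aliasingHolds() in every tier; a false result means a read was served from a stale assumption about the slot.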