[webkit-changes] [WebKit/WebKit] a6e9cd: [JSC] isStringPrototypeMethodSane should be watchp...

Tue, 20 May 2025 01:01:24 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a6e9cd68e92450280deabab1de4500d4e595a6a0
      
https://github.com/WebKit/WebKit/commit/a6e9cd68e92450280deabab1de4500d4e595a6a0
  Author: Yusuke Suzuki <[email protected]>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.h
    M Source/JavaScriptCore/dfg/DFGJITCode.cpp
    M Source/JavaScriptCore/dfg/DFGJITCode.h
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h

  Log Message:
  -----------
  [JSC] isStringPrototypeMethodSane should be watchpoint-based
https://bugs.webkit.org/show_bug.cgi?id=293267
rdar://151654512

Reviewed by Yijia Huang and Mark Lam.

We found that isStringPrototypeMethodSane didn't work well
(conservatively failing) when some functions are added to the prototype
in some timings. We should use more solid approach: let's just set
watchpoints in JSGlobalObject initially and monitor whether they are not
replaced. We set watchpoints for `String.prototype.toString`,
`String.prototype.valueOf`, and `String.prototype.@@toPrimitive`. These
approach is already used for `Number.prototype.toString` and `RegExp`
prototype properties.

* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::canOptimizeStringObjectAccess):
(JSC::DFG::Graph::isStringPrototypeMethodSane): Deleted.
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGJITCode.cpp:
(JSC::DFG::JITData::JITData):
(JSC::DFG::JITData::tryInitialize):
* Source/JavaScriptCore/dfg/DFGJITCode.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::stringSymbolToPrimitiveWatchpointSet):
(JSC::JSGlobalObject::stringToStringWatchpointSet):
(JSC::JSGlobalObject::stringValueOfWatchpointSet):

Canonical link: https://commits.webkit.org/295147@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to