Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 89a54431217549a2cadfc4bc102e3951abdf8b5c
      
https://github.com/WebKit/WebKit/commit/89a54431217549a2cadfc4bc102e3951abdf8b5c
  Author: Daniel Liu <[email protected]>
  Date:   2025-06-26 (Thu, 26 Jun 2025)

  Changed paths:
    A JSTests/stress/dont-make-assumptions-about-function-prototype-property.js
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/OperationResult.h
    M Source/JavaScriptCore/runtime/JSFunction.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h

  Log Message:
  -----------
  Split function and method structure IDs
https://bugs.webkit.org/show_bug.cgi?id=294329
rdar://152034999

Reviewed by Yusuke Suzuki.

Our inline caches can confuse between functions with a prototype and
functions without a prototype property. To remedy this, we introduce
different structure IDs for functions with a prototype property, and
methods without a prototype property. This ensures that ICs will not
incorrectly resolve one as the other, but allows us to still use the
IC for prototype accesses.

* JSTests/stress/dont-make-assumptions-about-function-prototype-property.js: Added.
(equals):
(exists):
(notexists):
(delete_proto):
(round0.func):
(round0):
(testGet.func):
(testGet):
(testDelete.func):
(testDelete):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::compileHandler):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::tryCacheGetBy):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITOperations.h:
(JSC::selectNewFunctionOperation):
* Source/JavaScriptCore/runtime/JSFunction.cpp:
(JSC::JSFunction::selectStructureForNewFuncExp):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::deleteProperty):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::sloppyMethodStructure const):
(JSC::JSGlobalObject::strictMethodStructure const):

Canonical link: https://commits.webkit.org/296674@main
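
The confusion described in the log message, as a toy model added here (not WebKit's code and not part of the commit): an access site caches its answer per structure ID, so two kinds of object that share an ID but differ in whether `prototype` exists receive the same cached answer. Every name below is hypothetical, and the objects are constructed stand-ins rather than JavaScriptCore cells.

```javascript
// Toy model of a structure-keyed inline cache. Constructed for illustration;
// it is not JavaScriptCore code and every name below is hypothetical.

// With `split` false, functions and methods share one structure ID (the
// situation the log message describes). With `split` true, each gets its own.
function makeRuntime(split) {
  const FUNCTION_ID = 1;
  const METHOD_ID = split ? 2 : 1;
  return {
    // Ordinary function: has an own "prototype" property.
    newFunction: () => ({ structureID: FUNCTION_ID, hasPrototype: true }),
    // Method: no own "prototype" property.
    newMethod: () => ({ structureID: METHOD_ID, hasPrototype: false }),
  };
}

// Slow path: inspects the object itself, so it is always right.
function hasOwnPrototypeSlow(obj) {
  return obj.hasPrototype;
}

// One access site for `obj.prototype`. The fast path trusts the structure ID
// alone, which is sound only if the ID determines whether the property exists.
function makeAccessSite() {
  const cache = new Map(); // structureID -> cached answer
  const site = (obj) => {
    if (cache.has(obj.structureID)) {
      site.fastHits++;
      return cache.get(obj.structureID);
    }
    const answer = hasOwnPrototypeSlow(obj);
    cache.set(obj.structureID, answer);
    return answer;
  };
  site.fastHits = 0;
  return site;
}

// Prime the site with a function, query a method, then another function.
// `wrong` reports whether the cached answer for the method contradicts the
// slow path; `fastHits` shows the cache still serves repeat function accesses.
function probe(split) {
  const rt = makeRuntime(split);
  const site = makeAccessSite();
  site(rt.newFunction());
  const method = rt.newMethod();
  const wrong = site(method) !== hasOwnPrototypeSlow(method);
  site(rt.newFunction());
  return { wrong, fastHits: site.fastHits };
}
```

`probe(false)` reports a wrong cached answer for the method, while `probe(true)` does not and still records a fast-path hit for the second function access.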



_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
