[webkit-changes] [157541] trunk/Source/JavaScriptCore

Wed, 16 Oct 2013 16:48:26 -0700

Title: [157541] trunk/Source/_javascript_Core
Revision
157541
Author
fpi...@apple.com
Date
2013-10-16 16:49:53 -0700 (Wed, 16 Oct 2013)

Log Message

r157411 fails run-_javascript_core-tests when run with Baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=122902

Reviewed by Mark Hahnenberg.
        
It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
didn't. Turns out that there's even a helpful method,
Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!

* jit/Repatch.cpp:
(JSC::tryCachePutByID):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (157540 => 157541)


--- trunk/Source/_javascript_Core/ChangeLog	2013-10-16 23:48:00 UTC (rev 157540)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-10-16 23:49:53 UTC (rev 157541)
@@ -1,3 +1,19 @@
+2013-10-16  Filip Pizlo  <fpi...@apple.com>
+
+        r157411 fails run-_javascript_core-tests when run with Baseline JIT
+        https://bugs.webkit.org/show_bug.cgi?id=122902
+
+        Reviewed by Mark Hahnenberg.
+        
+        It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
+        not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
+        logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
+        didn't. Turns out that there's even a helpful method,
+        Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
+
+        * jit/Repatch.cpp:
+        (JSC::tryCachePutByID):
+
 2013-10-16  Mark Hahnenberg  <mhahnenb...@apple.com>
 
         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock

Modified: trunk/Source/_javascript_Core/jit/Repatch.cpp (157540 => 157541)


--- trunk/Source/_javascript_Core/jit/Repatch.cpp	2013-10-16 23:48:00 UTC (rev 157540)
+++ trunk/Source/_javascript_Core/jit/Repatch.cpp	2013-10-16 23:49:53 UTC (rev 157541)
@@ -949,7 +949,7 @@
     
     if (!slot.isCacheable())
         return false;
-    if (structure->isUncacheableDictionary())
+    if (!structure->propertyAccessesAreCacheable())
         return false;
 
     // Optimize self access.
@@ -1026,7 +1026,7 @@
     
     if (!slot.isCacheable())
         return false;
-    if (structure->isUncacheableDictionary())
+    if (!structure->propertyAccessesAreCacheable())
         return false;
 
     // Optimize self access.

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to