Title: [241806] releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore
- Revision: 241806
- Author: carlo...@webkit.org
- Date: 2019-02-20 04:44:58 -0800 (Wed, 20 Feb 2019)
Log Message
Merge r241772 - Fix DFG doesGC() for TryGetById and ProfileType nodes.

https://bugs.webkit.org/show_bug.cgi?id=194821
<rdar://problem/48206690>

Reviewed by Saam Barati.

Fix doesGC() for the following nodes:

ProfileType:
calls operationProcessTypeProfilerLogDFG(), which can call calculatedClassName(),
which can call JSString::tryGetValue(), which can resolve a rope.

TryGetById:
calls operationTryGetByIdOptimize(), which can startWatchingPropertyForReplacements()
on a structure, which can allocate StructureRareData.

* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
Diff
Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog (241805 => 241806)
--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog 2019-02-20 12:44:54 UTC (rev 241805)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/ChangeLog 2019-02-20 12:44:58 UTC (rev 241806)
@@ -1,3 +1,24 @@
+2019-02-19 Mark Lam <mark....@apple.com>
+
+ Fix DFG doesGC() for TryGetById and ProfileType nodes.
+ https://bugs.webkit.org/show_bug.cgi?id=194821
+ <rdar://problem/48206690>
+
+ Reviewed by Saam Barati.
+
+ Fix doesGC() for the following nodes:
+
+ ProfileType:
+ calls operationProcessTypeProfilerLogDFG(), which can calculatedClassName(),
+ which can call JSString::tryGetValue(), which can resolve a rope.
+
+ TryGetById:
+ calls operationTryGetByIdOptimize(), which can startWatchingPropertyForReplacements()
+ on a structure, which can allocate StructureRareData.
+
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+
2019-02-18 Yusuke Suzuki <ysuz...@apple.com>
[JSC] Introduce JSNonDestructibleProxy for _javascript_Core.framework's GlobalThis
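Review bot: the new ChangeLog entry documents both call chains but names no regression test and gives no reason for leaving one out, while the patch as shown touches only the ChangeLog and DFGDoesGC.cpp. Please either add a test that drives ProfileType and TryGetById through the slow paths described, or say in the entry why one is not practical. Separately, "which can calculatedClassName()" in the ProfileType paragraph is missing the word "call".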
Modified: releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/dfg/DFGDoesGC.cpp (241805 => 241806)
--- releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2019-02-20 12:44:54 UTC (rev 241805)
+++ releases/WebKitGTK/webkit-2.24/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2019-02-20 12:44:58 UTC (rev 241806)
@@ -109,7 +109,6 @@
case ArithTrunc:
case ArithFRound:
case ArithUnary:
- case TryGetById:
case CheckStructure:
case CheckStructureOrEmpty:
case CheckStructureImmediate:
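Review bot: removing `case TryGetById:` from this group implies the node had been classified without accounting for what its slow-path operation can reach, and the log message does not say whether the other nodes left in this group were re-checked on the same basis. The PutById variants already sit in the group that ProfileType joins, so the by-id nodes were not being treated consistently. Please state in the ChangeLog whether the remaining entries here were audited for allocating slow paths, or file a follow-up for that audit.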
@@ -136,7 +135,6 @@
case CompareBelow:
case CompareBelowEq:
case CompareEqPtr:
- case ProfileType:
case ProfileControlFlow:
case OverridesHasInstance:
case IsEmpty:
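Review bot: `case ProfileControlFlow:` stays in this group directly below the removed `case ProfileType:`, and the log message explains only the ProfileType path through operationProcessTypeProfilerLogDFG(). Please confirm that ProfileControlFlow has no comparable call that can allocate, and record that in the ChangeLog so the asymmetry between the two profiling nodes is not mistaken for an oversight later.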
@@ -293,6 +291,7 @@
case LoadVarargs:
case NumberToStringWithRadix:
case NumberToStringWithValidRadixConstant:
+ case ProfileType:
case PutById:
case PutByIdDirect:
case PutByIdFlush:
@@ -327,6 +326,7 @@
case ToObject:
case ToPrimitive:
case ToThis:
+ case TryGetById:
case CreateThis:
case ObjectCreate:
case ObjectKeys:
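Review bot: `case TryGetById:` is added between `case ToThis:` and `case CreateThis:` with no comment, so the reason it can GC (operationTryGetByIdOptimize() reaching startWatchingPropertyForReplacements(), which can allocate StructureRareData) is recorded only in the ChangeLog. A one-line comment beside this case, and likewise beside `case ProfileType:` in the previous hunk, would keep a later cleanup from moving either label back into a group it was just removed from.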