Title: [239536] trunk/Source/JavaScriptCore
Revision: 239536
Author: yusukesuz...@slowstart.org
Date: 2018-12-21 22:39:23 -0800 (Fri, 21 Dec 2018)

Log Message

[JSC] Use appendUnbarriered for cached own keys
https://bugs.webkit.org/show_bug.cgi?id=192981

Reviewed by Saam Barati.

m_cachedOwnKeys would be changed to sentinel after checking `thisObject->m_cachedOwnKeys.unvalidatedGet() != cachedOwnKeysSentinel()`
and before executing `visitor.append(thisObject->m_cachedOwnKeys)`. We never do this now, but might in the future.
To make the code safe, we should use appendUnbarriered to mark non sentinel cell.

* runtime/StructureRareData.cpp:
(JSC::StructureRareData::visitChildren):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (239535 => 239536)


--- trunk/Source/_javascript_Core/ChangeLog	2018-12-22 06:37:39 UTC (rev 239535)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-12-22 06:39:23 UTC (rev 239536)
@@ -1,3 +1,17 @@
+2018-12-21  Yusuke Suzuki  <yusukesuz...@slowstart.org>
+
+        [JSC] Use appendUnbarriered for cached own keys
+        https://bugs.webkit.org/show_bug.cgi?id=192981
+
+        Reviewed by Saam Barati.
+
+        m_cachedOwnKeys would be changed to sentinel after checking `thisObject->m_cachedOwnKeys.unvalidatedGet() != cachedOwnKeysSentinel()`
+        and before executing `visitor.append(thisObject->m_cachedOwnKeys)`. We never do this now, but might in the future.
+        To make the code safe, we should use appendUnbarriered to mark non sentinel cell.
+
+        * runtime/StructureRareData.cpp:
+        (JSC::StructureRareData::visitChildren):
+
 2018-12-20  Yusuke Suzuki  <yusukesuz...@slowstart.org>
 
         Use Ref<> as much as possible
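
Review bot: The description in the added entry ("m_cachedOwnKeys would be changed to sentinel after checking ... and before executing ...") does not say what would modify the field in that window, and "We never do this now" leaves "this" ambiguous. Suggest naming the writer being guarded against and stating the mechanism of the fix: the field is read once into a local, and that same value is both compared with cachedOwnKeysSentinel() and passed to appendUnbarriered, so the check and the mark cannot disagree.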

Modified: trunk/Source/JavaScriptCore/runtime/StructureRareData.cpp (239535 => 239536)


--- trunk/Source/_javascript_Core/runtime/StructureRareData.cpp	2018-12-22 06:37:39 UTC (rev 239535)
+++ trunk/Source/_javascript_Core/runtime/StructureRareData.cpp	2018-12-22 06:39:23 UTC (rev 239536)
@@ -71,8 +71,9 @@
     visitor.append(thisObject->m_previous);
     visitor.append(thisObject->m_objectToStringValue);
     visitor.append(thisObject->m_cachedPropertyNameEnumerator);
-    if (thisObject->m_cachedOwnKeys.unvalidatedGet() != cachedOwnKeysSentinel())
-        visitor.append(thisObject->m_cachedOwnKeys);
+    auto* cachedOwnKeys = thisObject->m_cachedOwnKeys.unvalidatedGet();
+    if (cachedOwnKeys != cachedOwnKeysSentinel())
+        visitor.appendUnbarriered(cachedOwnKeys);
 }
 
 // ----------- Object.prototype.toString() helper watchpoint classes -----------
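
Review bot: The new `auto* cachedOwnKeys = thisObject->m_cachedOwnKeys.unvalidatedGet();` line in visitChildren has no comment explaining why this one field is read into a local and marked with appendUnbarriered while the three fields above it use visitor.append. The reason lives only in the ChangeLog, so a later cleanup could fold it back into `visitor.append(thisObject->m_cachedOwnKeys)` and bring back the second read after the sentinel check. Suggest a short comment above the load saying the value must be read exactly once so that the sentinel is never handed to the visitor.
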
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes