Timestamp:
Dec 16, 2014, 12:11:00 PM (11 years ago)
Author:
[email protected]
Message:

Fixes operationPutByIdOptimizes so that they check that the put didn't
change the structure of the object whose property access is being
cached.
https://bugs.webkit.org/show_bug.cgi?id=139500

Reviewed by Geoffrey Garen.

  • jit/JITOperations.cpp:

(JSC::operationPutByIdStrictOptimize): saved the structure before the put.
(JSC::operationPutByIdNonStrictOptimize): ditto.
(JSC::operationPutByIdDirectStrictOptimize): ditto.
(JSC::operationPutByIdDirectNonStrictOptimize): ditto.

  • jit/Repatch.cpp:

(JSC::tryCachePutByID): Added argument for the old structure
(JSC::repatchPutByID): Added argument for the old structure

  • jit/Repatch.h:
  • tests/stress/put-by-id-build-list-order-recurse.js:

Added test that fails without this patch.

File:
1 edited

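--- a/trunk/Source/JavaScriptCore/jit/JITOperations.cpp
+++ b/trunk/Source/JavaScriptCore/jit/JITOperations.cpp
@@ -274,5 +274,6 @@
     JSValue baseValue = JSValue::decode(encodedBase);
     PutPropertySlot slot(baseValue, true, exec->codeBlock()->putByIdContext());
-   
+
+    Structure* structure = baseValue.isCell() ? baseValue.asCell()->structure(*vm) : nullptr;
     baseValue.put(exec, ident, value, slot);
    
@@ -281,5 +282,5 @@
    
     if (stubInfo->seen)
-        repatchPutByID(exec, baseValue, ident, slot, *stubInfo, NotDirect);
+        repatchPutByID(exec, baseValue, structure, ident, slot, *stubInfo, NotDirect);
     else
         stubInfo->seen = true;
@@ -297,5 +298,6 @@
     JSValue baseValue = JSValue::decode(encodedBase);
     PutPropertySlot slot(baseValue, false, exec->codeBlock()->putByIdContext());
-   
+
+    Structure* structure = baseValue.isCell() ? baseValue.asCell()->structure(*vm) : nullptr;   
     baseValue.put(exec, ident, value, slot);
    
@@ -304,5 +306,5 @@
    
     if (stubInfo->seen)
-        repatchPutByID(exec, baseValue, ident, slot, *stubInfo, NotDirect);
+        repatchPutByID(exec, baseValue, structure, ident, slot, *stubInfo, NotDirect);
     else
         stubInfo->seen = true;
@@ -321,4 +323,5 @@
     PutPropertySlot slot(baseObject, true, exec->codeBlock()->putByIdContext());
    
+    Structure* structure = baseObject->structure(*vm);
     baseObject->putDirect(exec->vm(), ident, value, slot);
    
@@ -327,5 +330,5 @@
    
     if (stubInfo->seen)
-        repatchPutByID(exec, baseObject, ident, slot, *stubInfo, Direct);
+        repatchPutByID(exec, baseObject, structure, ident, slot, *stubInfo, Direct);
     else
         stubInfo->seen = true;
@@ -344,4 +347,5 @@
     PutPropertySlot slot(baseObject, false, exec->codeBlock()->putByIdContext());
    
+    Structure* structure = baseObject->structure(*vm);
     baseObject->putDirect(exec->vm(), ident, value, slot);
    
@@ -350,5 +354,5 @@
    
     if (stubInfo->seen)
-        repatchPutByID(exec, baseObject, ident, slot, *stubInfo, Direct);
+        repatchPutByID(exec, baseObject, structure, ident, slot, *stubInfo, Direct);
     else
         stubInfo->seen = true;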
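Review bot: The pre-put snapshot `Structure* structure = ...` added in all four operations has no comment saying why it must be read before `put()`/`putDirect()`, and that ordering is the whole fix, so a later cleanup could move it below the put without anyone noticing. I would add `// Read the structure before the put; repatchPutByID must not cache if the put changed it.` above each snapshot, and consider naming the local `oldStructure` to match the wording of the commit message. In the two non-direct variants the value is `nullptr` when the base is not a cell; whether `repatchPutByID` handles a null old structure is not visible in this file (the Repatch.cpp changes are not shown here), so that is worth confirming. The enclosing function bodies start and end outside the displayed hunks.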