Ignore:
Timestamp:
Oct 20, 2021, 3:08:45 PM (4 years ago)
Author:
Justin Michaud
Message:

We should watch isHavingABadTime if we read from the structureCache
https://bugs.webkit.org/show_bug.cgi?id=232019

Reviewed by Yusuke Suzuki.

We should lock the structure cache when we clear it, and the compiler thread should
watch isHavingABadTime in the case that the cache might get cleared.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::haveABadTime):

  • runtime/StructureCache.cpp:

(JSC::StructureCache::clear):

  • runtime/StructureCache.h:

(JSC::StructureCache::clear): Deleted.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp

    r284330 r284576  
    842842                    if (base.isNull())
    843843                        structure = globalObject->nullPrototypeObjectStructure();
    844                     else if (base.isObject())
    845                         structure = globalObject->vm().structureCache.emptyObjectStructureConcurrently(globalObject, base.getObject(), JSFinalObject::defaultInlineCapacity());
     844                    else if (base.isObject()) {
     845                        // Having a bad time clears the structureCache, and so it should invalidate this structure.
     846                        bool isHavingABadTime = globalObject->isHavingABadTime();
     847                        WTF::loadLoadFence();
     848                        if (!isHavingABadTime)
     849                            m_graph.watchpoints().addLazily(globalObject->havingABadTimeWatchpoint());
     850                        // Normally, we would always install a watchpoint. In this case, however, if we haveABadTime, we
     851                        // still want to optimize. There is no watchpoint for that case though, so we need to make sure this load
     852                        // does not get hoisted above the check.
     853                        WTF::loadLoadFence();
     854                        structure = globalObject->vm().structureCache
     855                            .emptyObjectStructureConcurrently(globalObject, base.getObject(), JSFinalObject::defaultInlineCapacity());
     856                    }
    846857                   
    847858                    if (structure) {
Note: See TracChangeset for help on using the changeset viewer.