Context Navigation

← Previous Change
Next Change →

DFGGraph.h

Timestamp:

May 22, 2022, 3:00:56 AM (3 years ago)

Author:

Message:

Clear StructureCache if it has Structure with relevant JSGlobalObjects
https://bugs.webkit.org/show_bug.cgi?id=240768
rdar://93232129

Reviewed by Saam Barati.

We need to clear Structures in StructureCache when having-a-bad-time: it is possible that Structure could have this have-a-bad-time
relevant JSGlobalObjects in its prototype chain. We are clearing it for InternalFunction's allocation cache. We should do the
same thing for JSGlobalObject's StructureCache.

This patch adds new watchpoint, structureCacheClearedWatchpoint. And use it in DFG. This watchpoint fires when the cache is cleared,
and it can happen even though JSGlobalObject is not getting have-a-bad-time.

JSTests/stress/global-object-have-a-bad-time-dependency.js: Added.

(shouldBe):
(cons):

Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

Source/JavaScriptCore/runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
(JSC::JSGlobalObject::clearStructureCache):

Source/JavaScriptCore/runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::structureCacheClearedWatchpoint):
(JSC::JSGlobalObject::isStructureCacheCleared const):

Source/JavaScriptCore/runtime/StructureCache.h:

(JSC::StructureCache::forEach):

Source/JavaScriptCore/runtime/WeakGCMap.h:

Canonical link: https://commits.webkit.org/250845@main

File:

: 1 edited

trunk/Source/JavaScriptCore/dfg/DFGGraph.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/dfg/DFGGraph.h

-              r292929
+              r294619
         JSGlobalObject* globalObject = globalObjectFor(node->origin.semantic);
         InlineWatchpointSet& set = globalObject->numberToStringWatchpointSet();
+        return isWatchingGlobalObjectWatchpoint(globalObject, set);
+    }
+    bool isWatchingStructureCacheClearedWatchpoint(JSGlobalObject* globalObject)
+    {
+        if (m_plan.isUnlinked())
+            return false;
+        InlineWatchpointSet& set = globalObject->structureCacheClearedWatchpoint();
         return isWatchingGlobalObjectWatchpoint(globalObject, set);
+    }

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 294619 in webkit for trunk/Source/JavaScriptCore/dfg/DFGGraph.h

Legend:

trunk/Source/JavaScriptCore/dfg/DFGGraph.h

Download in other formats: