[prev in list] [next in list] [prev in thread] [next in thread]
List: webkit-changes
Subject: [webkit-changes] [259266] branches/safari-610.1.7-branch/Source/JavaScriptCore
From: alancoon () apple ! com
Date: 2020-03-31 2:09:10
Message-ID: 20200331020910.D40F510051CE () svn ! webkit ! org
[Download RAW message or body]
[Attachment #2 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[259266] branches/safari-610.1.7-branch/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: \
verdana,arial,helvetica,sans-serif; font-size: 10pt; } #msg dl a { font-weight: \
bold} #msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: \
bold; } #msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: \
6px; } #logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em \
0; } #logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg \
h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; } \
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; \
} #logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: \
-1.5em; padding-left: 1.5em; } #logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em \
1em 0 1em; background: white;} #logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid \
#fa0; border-bottom: 1px solid #fa0; background: #fff; } #logmsg table th { \
text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted \
#fa0; } #logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: \
0.2em 0.5em; } #logmsg table thead th { text-align: center; border-bottom: 1px solid \
#fa0; } #logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: \
6px; } #patch { width: 100%; }
#patch h4 {font-family: \
verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, \
#patch .copfile {border:1px solid #ccc;margin:10px 0;} #patch ins \
{background:#dfd;text-decoration:none;display:block;padding:0 10px;} #patch del \
{background:#fdd;text-decoration:none;display:block;padding:0 10px;} #patch .lines, \
.info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a \
href="http://trac.webkit.org/projects/webkit/changeset/259266">259266</a></dd> \
<dt>Author</dt> <dd>alancoon@apple.com</dd> <dt>Date</dt> <dd>2020-03-30 19:09:10 \
-0700 (Mon, 30 Mar 2020)</dd> </dl>
<h3>Log Message</h3>
<pre>Cherry-pick <a href="http://trac.webkit.org/projects/webkit/changeset/258344">r258344</a>. \
rdar://problem/61083004
[JSC] Use CacheableIdentifier in ByValInfo
https://bugs.webkit.org/show_bug.cgi?id=208978
Reviewed by Saam Barati.
CodeBlock::finalizeUnconditionally discards JITData. And this includes ByValInfo, \
which holds Identifier. However, finalizeUnconditionally is only guaranteeing that \
the main thread is not working. It can be invoked in the heap thread, and it is not \
not setting the AtomStringTable for this heap thread. If Identifier destroys \
AtomStringImpl, which fails to unregister itself from the table.
In this patch,
1. We explicitly set nullptr for the current AtomStringTable to catch the bug \
as soon as possible in GC end phase.
2. We use CacheableIdentifier in ByValInfo to avoid destroying Identifier in \
CodeBlock::finalizeUnconditionally.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* bytecode/ByValInfo.cpp: Added.
(JSC::ByValInfo::visitAggregate):
* bytecode/ByValInfo.h:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::stronglyVisitStrongReferences):
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handlePutByVal):
* heap/Heap.cpp:
(JSC::Heap::runEndPhase):
* jit/JIT.h:
* jit/JITOperations.cpp:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitByValIdentifierCheck):
* runtime/CacheableIdentifier.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258344 \
268f45cc-cd09-0410-ab3c-d52691b4dbfc</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari61017branchSourceJavaScriptCoreCMakeListstxt">branches/safari-610.1.7-branch/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCoreChangeLog">branches/safari-610.1.7-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCoreJavaScriptCorexcodeprojpro \
jectpbxproj">branches/safari-610.1.7-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCoreSourcestxt">branches/safari-610.1.7-branch/Source/JavaScriptCore/Sources.txt</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCorebytecodeByValInfoh">branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.h</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCorebytecodeCodeBlockcpp">branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCorebytecodeCodeBlockh">branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCoredfgDFGByteCodeParsercpp">b \
ranches/safari-610.1.7-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCoreheapHeapcpp">branches/safari-610.1.7-branch/Source/JavaScriptCore/heap/Heap.cpp</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCorejitJITh">branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCorejitJITOperationscpp">branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCorejitJITPropertyAccesscpp">b \
ranches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#branchessafari61017branchSourceJavaScriptCoreruntimeCacheableIdentifier \
h">branches/safari-610.1.7-branch/Source/JavaScriptCore/runtime/CacheableIdentifier.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari61017branchSourceJavaScriptCorebytecodeByValInfocpp">branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari61017branchSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/CMakeLists.txt (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/CMakeLists.txt 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/CMakeLists.txt 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -488,7 +488,6 @@
</span><span class="cx">
</span><span class="cx"> bytecode/ArrayAllocationProfile.h
</span><span class="cx"> bytecode/ArrayProfile.h
</span><del>- bytecode/ByValInfo.h
</del><span class="cx"> bytecode/BytecodeConventions.h
</span><span class="cx"> bytecode/BytecodeIndex.h
</span><span class="cx"> bytecode/BytecodeIntrinsicRegistry.h
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/ChangeLog (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/ChangeLog 2020-03-31 02:09:05 \
UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/ChangeLog 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -1,3 +1,79 @@
</span><ins>+2020-03-30 Alan Coon <alancoon@apple.com>
+
+ Cherry-pick r258344. rdar://problem/61083004
+
+ [JSC] Use CacheableIdentifier in ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=208978
+
+ Reviewed by Saam Barati.
+
+ CodeBlock::finalizeUnconditionally discards JITData. And this includes \
ByValInfo, which holds Identifier. + However, finalizeUnconditionally is only \
guaranteeing that the main thread is not working. It can be invoked + in the heap \
thread, and it is not not setting the AtomStringTable for this heap thread. If \
Identifier destroys + AtomStringImpl, which fails to unregister itself from the \
table. +
+ In this patch,
+
+ 1. We explicitly set nullptr for the current AtomStringTable to catch the \
bug as soon as possible in GC end phase. + 2. We use CacheableIdentifier in \
ByValInfo to avoid destroying Identifier in CodeBlock::finalizeUnconditionally. +
+ * CMakeLists.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * bytecode/ByValInfo.cpp: Added.
+ (JSC::ByValInfo::visitAggregate):
+ * bytecode/ByValInfo.h:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handlePutByVal):
+ * heap/Heap.cpp:
+ (JSC::Heap::runEndPhase):
+ * jit/JIT.h:
+ * jit/JITOperations.cpp:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitByValIdentifierCheck):
+ * runtime/CacheableIdentifier.h:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258344 \
268f45cc-cd09-0410-ab3c-d52691b4dbfc +
+ 2020-03-12 Yusuke Suzuki <ysuzuki@apple.com>
+
+ [JSC] Use CacheableIdentifier in ByValInfo
+ https://bugs.webkit.org/show_bug.cgi?id=208978
+
+ Reviewed by Saam Barati.
+
+ CodeBlock::finalizeUnconditionally discards JITData. And this includes \
ByValInfo, which holds Identifier. + However, finalizeUnconditionally is \
only guaranteeing that the main thread is not working. It can be invoked + \
in the heap thread, and it is not not setting the AtomStringTable for this heap \
thread. If Identifier destroys + AtomStringImpl, which fails to unregister \
itself from the table. +
+ In this patch,
+
+ 1. We explicitly set nullptr for the current AtomStringTable to \
catch the bug as soon as possible in GC end phase. + 2. We use \
CacheableIdentifier in ByValInfo to avoid destroying Identifier in \
CodeBlock::finalizeUnconditionally. +
+ * CMakeLists.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * bytecode/ByValInfo.cpp: Added.
+ (JSC::ByValInfo::visitAggregate):
+ * bytecode/ByValInfo.h:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handlePutByVal):
+ * heap/Heap.cpp:
+ (JSC::Heap::runEndPhase):
+ * jit/JIT.h:
+ * jit/JITOperations.cpp:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitByValIdentifierCheck):
+ * runtime/CacheableIdentifier.h:
+
</ins><span class="cx"> 2020-03-08 Brady Eidson <beidson@apple.com>
</span><span class="cx">
</span><span class="cx"> Remember completed subranges during incremental PDF \
loading. </span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj \
(259265 => 259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -456,7 +456,7 @@
</span><span class="cx"> 0F7DF13C1E2971130095951B /* \
JSDestructibleObjectHeapCellType.h in Headers */ = {isa = PBXBuildFile; fileRef = \
0F7DF13A1E29710E0095951B /* JSDestructibleObjectHeapCellType.h */; settings = \
{ATTRIBUTES = (Private, ); }; }; </span><span class="cx"> 0F7DF1461E2BEF6A0095951B \
/* BlockDirectoryInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = \
0F7DF1451E2BEF680095951B /* BlockDirectoryInlines.h */; settings = {ATTRIBUTES = \
(Private, ); }; }; </span><span class="cx"> 0F7F988C1D9596C800F4F12E /* \
DFGStoreBarrierClusteringPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = \
0F7F988A1D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.h */; }; \
</span><del>- 0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */ = {isa = \
PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 /* ByValInfo.h */; settings = \
{ATTRIBUTES = (Private, ); }; }; </del><ins>+ 0F8023EA1613832B00A0BA45 /* \
ByValInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 \
/* ByValInfo.h */; }; </ins><span class="cx"> 0F8335B81639C1EA001443B5 /* \
ArrayAllocationProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = \
0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */; settings = {ATTRIBUTES = \
(Private, ); }; }; </span><span class="cx"> 0F8364B7164B0C110053329A /* \
DFGBranchDirection.h in Headers */ = {isa = PBXBuildFile; fileRef = \
0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */; }; </span><span class="cx"> \
0F86A26F1D6F7B3300CB0C92 /* GCTypeMap.h in Headers */ = {isa = PBXBuildFile; fileRef \
= 0F86A26E1D6F7B3100CB0C92 /* GCTypeMap.h */; }; </span><span class="lines">@@ \
-4951,6 +4951,7 @@ </span><span class="cx"> E355D38E2244686C008F1AD6 /* \
GlobalExecutable.cpp */ = {isa = PBXFileReference; lastKnownFileType = \
sourcecode.cpp.cpp; path = GlobalExecutable.cpp; sourceTree = \
"<group>"; }; </span><span class="cx"> E356987122841183008CDCCB /* \
PackedCellPtr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; \
path = PackedCellPtr.h; sourceTree = "<group>"; }; </span><span \
class="cx"> E35A0B9C220AD87A00AC4474 /* ExecutableBaseInlines.h */ = {isa = \
PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = \
ExecutableBaseInlines.h; sourceTree = "<group>"; }; \
</span><ins>+ E35BA2C0241A0E8C00B67086 /* ByValInfo.cpp */ = {isa = \
PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ByValInfo.cpp; \
sourceTree = "<group>"; }; </ins><span class="cx"> \
E35CA14F1DBC3A5600F83516 /* DOMJITAbstractHeap.cpp */ = {isa = PBXFileReference; \
fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = \
DOMJITAbstractHeap.cpp; sourceTree = "<group>"; }; </span><span \
class="cx"> E35CA1501DBC3A5600F83516 /* DOMJITAbstractHeap.h */ = {isa = \
PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = \
DOMJITAbstractHeap.h; sourceTree = "<group>"; }; </span><span \
class="cx"> E35CA1511DBC3A5600F83516 /* DOMJITHeapRange.cpp */ = {isa = \
PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = \
DOMJITHeapRange.cpp; sourceTree = "<group>"; }; </span><span \
class="lines">@@ -8208,6 +8209,7 @@ </span><span class="cx"> \
E3D264291D38C042000BE174 /* BytecodeRewriter.cpp */, </span><span class="cx"> \
E3D2642A1D38C042000BE174 /* BytecodeRewriter.h */, </span><span class="cx"> \
0F885E101849A3BE00F1E3FA /* BytecodeUseDef.h */, \
</span><ins>+ E35BA2C0241A0E8C00B67086 /* ByValInfo.cpp */, </ins><span \
class="cx"> 0F8023E91613832300A0BA45 /* ByValInfo.h */, </span><span class="cx"> \
0F64B2771A7957B2006E4E66 /* CallEdge.cpp */, </span><span class="cx"> \
0F64B2781A7957B2006E4E66 /* CallEdge.h */, </span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCoreSourcestxt"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/Sources.txt (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/Sources.txt 2020-03-31 02:09:05 \
UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/Sources.txt 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -195,6 +195,7 @@
</span><span class="cx"> bytecode/ArithProfile.cpp
</span><span class="cx"> bytecode/ArrayAllocationProfile.cpp
</span><span class="cx"> bytecode/ArrayProfile.cpp
</span><ins>+bytecode/ByValInfo.cpp
</ins><span class="cx"> bytecode/BytecodeBasicBlock.cpp
</span><span class="cx"> bytecode/BytecodeDumper.cpp
</span><span class="cx"> bytecode/BytecodeGeneratorification.cpp
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCorebytecodeByValInfocpp"></a>
<div class="addfile"><h4>Added: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp (0 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp \
(rev 0)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.cpp 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -0,0 +1,43 @@
</span><ins>+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ByValInfo.h"
+
+#include "CacheableIdentifierInlines.h"
+#include "JSCInlines.h"
+
+namespace JSC {
+
+#if ENABLE(JIT)
+
+void ByValInfo::visitAggregate(SlotVisitor& visitor)
+{
+ cachedId.visitAggregate(visitor);
+}
+
+#endif // ENABLE(JIT)
+
+} // namespace JSC
</ins></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCorebytecodeByValInfoh"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.h (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.h 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/ByValInfo.h 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -25,6 +25,7 @@
</span><span class="cx">
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><ins>+#include "CacheableIdentifier.h"
</ins><span class="cx"> #include "ClassInfo.h"
</span><span class="cx"> #include "CodeLocation.h"
</span><span class="cx"> #include "IndexingType.h"
</span><span class="lines">@@ -37,6 +38,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx">
</span><ins>+class ArrayProfile;
</ins><span class="cx"> class StructureStubInfo;
</span><span class="cx">
</span><span class="cx"> enum JITArrayMode : uint8_t {
</span><span class="lines">@@ -242,6 +244,8 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void visitAggregate(SlotVisitor&);
+
</ins><span class="cx"> CodeLocationJump<JSInternalPtrTag> notIndexJump;
</span><span class="cx"> CodeLocationJump<JSInternalPtrTag> badTypeJump;
</span><span class="cx"> CodeLocationLabel<ExceptionHandlerPtrTag> \
exceptionHandler; </span><span class="lines">@@ -252,8 +256,7 @@
</span><span class="cx"> BytecodeIndex bytecodeIndex;
</span><span class="cx"> unsigned slowPathCount;
</span><span class="cx"> RefPtr<JITStubRoutine> stubRoutine;
</span><del>- Identifier cachedId;
- WriteBarrier<Symbol> cachedSymbol;
</del><ins>+ CacheableIdentifier cachedId; // Once we set cachedId, we must not \
change the value. JIT code relies on that configured cachedId is marked and retained \
by CodeBlock through ByValInfo. </ins><span class="cx"> StructureStubInfo* \
stubInfo; </span><span class="cx"> JITArrayMode arrayMode; // The array mode that \
was baked into the inline JIT code. </span><span class="cx"> bool tookSlowPath : \
1; </span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp (259265 \
=> 259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx">
</span><span class="cx"> #include "ArithProfile.h"
</span><span class="cx"> #include "BasicBlockLocation.h"
</span><ins>+#include "ByValInfo.h"
</ins><span class="cx"> #include "BytecodeDumper.h"
</span><span class="cx"> #include "BytecodeGenerator.h"
</span><span class="cx"> #include "BytecodeLivenessAnalysis.h"
</span><span class="lines">@@ -1688,7 +1689,7 @@
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> if (auto* jitData = m_jitData.get()) {
</span><span class="cx"> for (ByValInfo* byValInfo : \
jitData->m_byValInfos) </span><del>- \
visitor.append(byValInfo->cachedSymbol); </del><ins>+ \
byValInfo->visitAggregate(visitor); </ins><span class="cx"> for \
(StructureStubInfo* stubInfo : jitData->m_stubInfos) </span><span class="cx"> \
stubInfo->visitAggregate(visitor); </span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.h (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.h 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/bytecode/CodeBlock.h 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -30,7 +30,6 @@
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><span class="cx"> #include "ArrayProfile.h"
</span><del>-#include "ByValInfo.h"
</del><span class="cx"> #include "BytecodeConventions.h"
</span><span class="cx"> #include "CallLinkInfo.h"
</span><span class="cx"> #include "CodeBlockHash.h"
</span><span class="lines">@@ -95,6 +94,7 @@
</span><span class="cx"> class PCToCodeOriginMap;
</span><span class="cx"> class RegisterAtOffsetList;
</span><span class="cx"> class StructureStubInfo;
</span><ins>+struct ByValInfo;
</ins><span class="cx">
</span><span class="cx"> DECLARE_ALLOCATOR_WITH_HEAP_IDENTIFIER(CodeBlockRareData);
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp \
(259265 => 259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "BasicBlockLocation.h"
</span><span class="cx"> #include "BuiltinNames.h"
</span><ins>+#include "ByValInfo.h"
</ins><span class="cx"> #include "BytecodeGenerator.h"
</span><span class="cx"> #include "BytecodeUseDef.h"
</span><span class="cx"> #include "CacheableIdentifierInlines.h"
</span><span class="lines">@@ -7576,13 +7577,15 @@
</span><span class="cx"> && \
!m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadType) </span><span \
class="cx"> && \
!m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCell)) { \
</span><span class="cx"> compiledAsPutById = true; </span><del>- \
identifierNumber = m_graph.identifiers().ensure(byValInfo->cachedId.impl()); \
</del><ins>+ identifierNumber = \
m_graph.identifiers().ensure(byValInfo->cachedId.uid()); </ins><span class="cx"> \
UniquedStringImpl* uid = m_graph.identifiers()[identifierNumber]; </span><ins>+ \
FrozenValue* frozen = nullptr; + if (byValInfo->cachedId.isCell())
+ frozen = m_graph.freezeStrong(byValInfo->cachedId.cell());
</ins><span class="cx">
</span><del>- if (Symbol* symbol = byValInfo->cachedSymbol.get()) {
- FrozenValue* frozen = m_graph.freezeStrong(symbol);
</del><ins>+ if (byValInfo->cachedId.isSymbolCell())
</ins><span class="cx"> addToGraph(CheckCell, OpInfo(frozen), \
property); </span><del>- } else {
</del><ins>+ else {
</ins><span class="cx"> ASSERT(!uid->isSymbol());
</span><span class="cx"> addToGraph(CheckIdent, OpInfo(uid), \
property); </span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/heap/Heap.cpp (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/heap/Heap.cpp 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/heap/Heap.cpp 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -86,6 +86,7 @@
</span><span class="cx"> #include <wtf/ParallelVectorIterator.h>
</span><span class="cx"> #include <wtf/ProcessID.h>
</span><span class="cx"> #include <wtf/RAMSize.h>
</span><ins>+#include <wtf/Scope.h>
</ins><span class="cx"> #include <wtf/SimpleStats.h>
</span><span class="cx"> #include <wtf/Threading.h>
</span><span class="cx">
</span><span class="lines">@@ -1494,23 +1495,31 @@
</span><span class="cx">
</span><span class="cx"> updateObjectCounts();
</span><span class="cx"> endMarking();
</span><del>-
</del><ins>+
</ins><span class="cx"> if (UNLIKELY(m_verifier)) {
</span><span class="cx"> \
m_verifier->gatherLiveCells(HeapVerifier::Phase::AfterMarking); </span><span \
class="cx"> m_verifier->verify(HeapVerifier::Phase::AfterMarking); \
</span><span class="cx"> } </span><span class="cx">
</span><del>- if (vm().typeProfiler())
- vm().typeProfiler()->invalidateTypeSetCache(vm());
</del><ins>+ {
+ auto* previous = Thread::current().setCurrentAtomStringTable(nullptr);
+ auto scopeExit = makeScopeExit([&] {
+ Thread::current().setCurrentAtomStringTable(previous);
+ });
</ins><span class="cx">
</span><del>- m_structureIDTable.flushOldTables();
</del><ins>+ if (vm().typeProfiler())
+ vm().typeProfiler()->invalidateTypeSetCache(vm());
</ins><span class="cx">
</span><del>- reapWeakHandles();
- pruneStaleEntriesFromWeakGCMaps();
- sweepArrayBuffers();
- snapshotUnswept();
- finalizeUnconditionalFinalizers(); // We rely on these unconditional finalizers \
running before clearCurrentlyExecuting since CodeBlock's finalizer relies on querying \
currently executing.
- removeDeadCompilerWorklistEntries();
</del><ins>+ m_structureIDTable.flushOldTables();
+
+ reapWeakHandles();
+ pruneStaleEntriesFromWeakGCMaps();
+ sweepArrayBuffers();
+ snapshotUnswept();
+ finalizeUnconditionalFinalizers(); // We rely on these unconditional \
finalizers running before clearCurrentlyExecuting since CodeBlock's finalizer relies \
on querying currently executing. + removeDeadCompilerWorklistEntries();
+ }
+
</ins><span class="cx"> notifyIncrementalSweeper();
</span><span class="cx">
</span><span class="cx"> m_codeBlocks->iterateCurrentlyExecuting(
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JIT.h (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JIT.h 2020-03-31 02:09:05 \
UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JIT.h 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -37,6 +37,7 @@
</span><span class="cx">
</span><span class="cx"> #define ASSERT_JIT_OFFSET(actual, expected) \
ASSERT_WITH_MESSAGE(actual == expected, "JIT Offset \"%s\" should be \
%d, not %d.\n", #expected, static_cast<int>(expected), \
static_cast<int>(actual)); </span><span class="cx">
</span><ins>+#include "ByValInfo.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CommonSlowPaths.h"
</span><span class="cx"> #include "JITDisassembler.h"
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITOperations.cpp (259265 => \
259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITOperations.cpp 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITOperations.cpp 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -678,11 +678,6 @@
</span><span class="cx"> repatchPutByID(globalObject, codeBlock, baseObject, \
structure, ident, slot, *stubInfo, Direct); </span><span class="cx"> }
</span><span class="cx">
</span><del>-ALWAYS_INLINE static bool isStringOrSymbol(JSValue value)
-{
- return value.isString() || value.isSymbol();
-}
-
</del><span class="cx"> static void putByVal(JSGlobalObject* globalObject, CodeBlock* \
codeBlock, JSValue baseValue, JSValue subscript, JSValue value, ByValInfo* byValInfo) \
</span><span class="cx"> { </span><span class="cx"> VM& vm = \
globalObject->vm(); </span><span class="lines">@@ -716,7 +711,7 @@
</span><span class="cx"> // Don't put to an object if toString threw an \
exception. </span><span class="cx"> RETURN_IF_EXCEPTION(scope, void());
</span><span class="cx">
</span><del>- if (byValInfo->stubInfo && (!isStringOrSymbol(subscript) \
|| byValInfo->cachedId != property)) </del><ins>+ if (byValInfo->stubInfo \
&& (!CacheableIdentifier::isCacheableIdentifierCell(subscript) || \
byValInfo->cachedId.uid() != property)) </ins><span class="cx"> \
byValInfo->tookSlowPath = true; </span><span class="cx">
</span><span class="cx"> scope.release();
</span><span class="lines">@@ -776,7 +771,7 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (byValInfo->stubInfo && (!isStringOrSymbol(subscript) \
|| byValInfo->cachedId != property)) </del><ins>+ if (byValInfo->stubInfo \
&& (!CacheableIdentifier::isCacheableIdentifierCell(subscript) || \
byValInfo->cachedId.uid() != property)) </ins><span class="cx"> \
byValInfo->tookSlowPath = true; </span><span class="cx">
</span><span class="cx"> scope.release();
</span><span class="lines">@@ -827,7 +822,7 @@
</span><span class="cx"> optimizationResult = OptimizationResult::GiveUp;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (baseValue.isObject() && isStringOrSymbol(subscript)) {
</del><ins>+ if (baseValue.isObject() && \
CacheableIdentifier::isCacheableIdentifierCell(subscript)) { </ins><span class="cx"> \
const Identifier propertyName = subscript.toPropertyKey(globalObject); </span><span \
class="cx"> RETURN_IF_EXCEPTION(scope, OptimizationResult::GiveUp); \
</span><span class="cx"> if (subscript.isSymbol() || \
!parseIndex(propertyName)) { </span><span class="lines">@@ -834,7 +829,7 @@
</span><span class="cx"> ASSERT(callFrame->bytecodeIndex() != \
BytecodeIndex(0)); </span><span class="cx"> \
ASSERT(!byValInfo->stubRoutine); </span><span class="cx"> if \
(byValInfo->seen) { </span><del>- if (byValInfo->cachedId == \
propertyName) { </del><ins>+ if (byValInfo->cachedId.uid() == \
propertyName) { </ins><span class="cx"> \
JIT::compilePutByValWithCachedId<OpPutByVal>(vm, codeBlock, byValInfo, \
returnAddress, NotDirect, propertyName); </span><span class="cx"> \
optimizationResult = OptimizationResult::Optimized; </span><span class="cx"> \
} else { </span><span class="lines">@@ -842,12 +837,13 @@
</span><span class="cx"> optimizationResult = \
OptimizationResult::GiveUp; </span><span class="cx"> }
</span><span class="cx"> } else {
</span><del>- ConcurrentJSLocker locker(codeBlock->m_lock);
- byValInfo->seen = true;
- byValInfo->cachedId = propertyName;
- if (subscript.isSymbol())
- byValInfo->cachedSymbol.set(vm, codeBlock, \
asSymbol(subscript));
- optimizationResult = OptimizationResult::SeenOnce;
</del><ins>+ {
+ ConcurrentJSLocker locker(codeBlock->m_lock);
+ byValInfo->seen = true;
+ byValInfo->cachedId = \
CacheableIdentifier::createFromCell(subscript.asCell()); + \
optimizationResult = OptimizationResult::SeenOnce; + }
+ vm.heap.writeBarrier(codeBlock, subscript.asCell());
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -916,7 +912,7 @@
</span><span class="cx"> // If we failed to patch and we have some object \
that intercepts indexed get, then don't even wait until 10 times. </span><span \
class="cx"> if (optimizationResult != OptimizationResult::Optimized \
&& object->structure(vm)->typeInfo().interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero())
</span><span class="cx"> optimizationResult = \
OptimizationResult::GiveUp; </span><del>- } else if (isStringOrSymbol(subscript)) \
{ </del><ins>+ } else if \
(CacheableIdentifier::isCacheableIdentifierCell(subscript)) { </ins><span class="cx"> \
const Identifier propertyName = subscript.toPropertyKey(globalObject); </span><span \
class="cx"> RETURN_IF_EXCEPTION(scope, OptimizationResult::GiveUp); \
</span><span class="cx"> if (subscript.isSymbol() || \
!parseIndex(propertyName)) { </span><span class="lines">@@ -923,7 +919,7 @@
</span><span class="cx"> ASSERT(callFrame->bytecodeIndex() != \
BytecodeIndex(0)); </span><span class="cx"> \
ASSERT(!byValInfo->stubRoutine); </span><span class="cx"> if \
(byValInfo->seen) { </span><del>- if (byValInfo->cachedId == \
propertyName) { </del><ins>+ if (byValInfo->cachedId.uid() == \
propertyName) { </ins><span class="cx"> \
JIT::compilePutByValWithCachedId<OpPutByValDirect>(vm, codeBlock, byValInfo, \
returnAddress, Direct, propertyName); </span><span class="cx"> \
optimizationResult = OptimizationResult::Optimized; </span><span class="cx"> \
} else { </span><span class="lines">@@ -931,12 +927,13 @@
</span><span class="cx"> optimizationResult = \
OptimizationResult::GiveUp; </span><span class="cx"> }
</span><span class="cx"> } else {
</span><del>- ConcurrentJSLocker locker(codeBlock->m_lock);
- byValInfo->seen = true;
- byValInfo->cachedId = propertyName;
- if (subscript.isSymbol())
- byValInfo->cachedSymbol.set(vm, codeBlock, \
asSymbol(subscript));
- optimizationResult = OptimizationResult::SeenOnce;
</del><ins>+ {
+ ConcurrentJSLocker locker(codeBlock->m_lock);
+ byValInfo->seen = true;
+ byValInfo->cachedId = \
CacheableIdentifier::createFromCell(subscript.asCell()); + \
optimizationResult = OptimizationResult::SeenOnce; + }
+ vm.heap.writeBarrier(codeBlock, subscript.asCell());
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp \
(259265 => 259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -1285,14 +1285,14 @@
</span><span class="cx"> ownerIsRememberedOrInEden.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::emitByValIdentifierCheck(ByValInfo* byValInfo, RegisterID \
cell, RegisterID scratch, const Identifier& propertyName, JumpList& \
slowCases) </del><ins>+void JIT::emitByValIdentifierCheck(ByValInfo* byValInfo, \
RegisterID cell, RegisterID scratch, const Identifier&, JumpList& slowCases) \
</ins><span class="cx"> { </span><del>- if (propertyName.isSymbol())
- slowCases.append(branchPtr(NotEqual, cell, \
TrustedImmPtr(byValInfo->cachedSymbol.get()))); </del><ins>+ if \
(byValInfo->cachedId.isSymbolCell()) + slowCases.append(branchPtr(NotEqual, \
cell, TrustedImmPtr(byValInfo->cachedId.cell()))); </ins><span class="cx"> \
else { </span><span class="cx"> slowCases.append(branchIfNotString(cell));
</span><span class="cx"> loadPtr(Address(cell, JSString::offsetOfValue()), \
scratch); </span><del>- slowCases.append(branchPtr(NotEqual, scratch, \
TrustedImmPtr(propertyName.impl()))); </del><ins>+ \
slowCases.append(branchPtr(NotEqual, scratch, \
TrustedImmPtr(byValInfo->cachedId.uid()))); </ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari61017branchSourceJavaScriptCoreruntimeCacheableIdentifierh"></a>
<div class="modfile"><h4>Modified: \
branches/safari-610.1.7-branch/Source/JavaScriptCore/runtime/CacheableIdentifier.h \
(259265 => 259266)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/safari-610.1.7-branch/Source/JavaScriptCore/runtime/CacheableIdentifier.h 2020-03-31 \
02:09:05 UTC (rev 259265)
+++ branches/safari-610.1.7-branch/Source/JavaScriptCore/runtime/CacheableIdentifier.h 2020-03-31 \
02:09:10 UTC (rev 259266) </span><span class="lines">@@ -96,7 +96,7 @@
</span><span class="cx"> // unpolluted, and therefore, it can be scanned by our \
conservative GC to keep the </span><span class="cx"> // cell alive when the \
CacheableIdentifier is on the stack. </span><span class="cx"> static constexpr \
uintptr_t s_uidTag = 1; </span><del>- uintptr_t m_bits;
</del><ins>+ uintptr_t m_bits { 0 };
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre>
</div>
</div>
</body>
</html>
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic