CallLinkInfo inside StructureStubInfo should not use polymorphic stubs
author    fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 8 Sep 2015 17:25:28 +0000 (17:25 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 8 Sep 2015 17:25:28 +0000 (17:25 +0000)
commit    29aa78a38ab245435ae459aaedd2e3ff46013c75
tree      4861e9549abbed0ffa418eecd786d333e0913ebf
parent    de341e033f3851b9a0aa55ac79df5037419c1fc7
CallLinkInfo inside StructureStubInfo should not use polymorphic stubs
https://bugs.webkit.org/show_bug.cgi?id=148915

Reviewed by Mark Lam.

There is a subtle bug where if we reset a get_by_id IC that had a getter stub that in
turn had a polymorphic call stub, then the GC won't know to keep the getter stub alive.
This patch documents the bug in a FIXME and disables polymorphic call optimizations for
getters. It also just so happens that the polymorphic call optimizations usually don't
benefit getters, since it's hard to create polymorphism at the point of call without also
introducing polymorphism in the base object's structure.

The added test doesn't reproduce the problem, because it's hard to get the GC to delete
all of the stubs.

* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setCallLocations):
(JSC::CallLinkInfo::allowStubs):
(JSC::CallLinkInfo::disallowStubs):
(JSC::CallLinkInfo::setUpCallFromFTL):
* jit/Repatch.cpp:
(JSC::generateByIdStub):
(JSC::linkFor):
(JSC::linkPolymorphicCall):
* tests/stress/poly-call-stub-in-getter-stub.js: Added.
(foo):
(makeGetter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189493 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CallLinkInfo.h
Source/JavaScriptCore/jit/Repatch.cpp
Source/JavaScriptCore/tests/stress/poly-call-stub-in-getter-stub.js [new file with mode: 0644]
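The ChangeLog says the affected shape is a get_by_id site whose base objects share one structure while the getter's own call site is polymorphic, and that this is hard to produce by accident. The snippet below is an added illustration of that access pattern written for this page; it is not the commit's poly-call-stub-in-getter-stub.js, and the names foo and makeGetter are reused from the ChangeLog entry while their bodies, the callee list and the run driver are assumptions. Whether a particular engine build actually emits a getter stub containing a polymorphic call stub is not observable from JavaScript, so the code only reproduces the pattern and returns values that can be checked.

```javascript
// Added example, not code from the WebKit commit. Builds the access pattern the
// ChangeLog describes: every base object has the same layout (one accessor `x`),
// but the getter dispatches to different functions, so the polymorphism sits at
// the call site inside the getter rather than in the base object's structure.

// Callees the getter dispatches to (assumed bodies). Same arity, distinct
// function objects, so an inline cache at the getter's call site would see
// several targets.
const callees = [
  function (v) { return v + 1; },
  function (v) { return v * 2; },
  function (v) { return v - 3; },
];

// One factory, one source location: each getter is a closure over a different
// callee, which is what makes the call *inside* the getter polymorphic.
function makeGetter(fn, seed) {
  return function () { return fn(seed); };
}

// All objects get exactly one accessor property, defined with identical
// attributes and in the same order, so their property layout matches.
function makeObjects() {
  return callees.map((fn, i) => {
    const o = {};
    Object.defineProperty(o, "x", {
      get: makeGetter(fn, i * 10),
      enumerable: true,
      configurable: false,
    });
    return o;
  });
}

// The single get_by_id site: base structure is the same for every object.
function foo(o) {
  return o.x;
}

// Drive the site repeatedly so an optimizing engine has reason to build an
// inline cache for it; return the accumulated result for checking.
function run(iterations) {
  const objects = makeObjects();
  let sum = 0;
  for (let i = 0; i < iterations; i++) {
    sum += foo(objects[i % objects.length]);
  }
  return sum;
}

// Sanity check that the base objects really do share a property layout.
function sameShape() {
  const keys = makeObjects().map((o) => Object.getOwnPropertyNames(o).join(","));
  return keys.every((k) => k === keys[0]);
}
```

Running `run(3000)` cycles through the three objects 1000 times each; the per-round contribution is 1 + 20 + 17, so the total is 38000. `sameShape()` confirms that the only own property on each object is `x`, which is the point of the pattern: the variation lives in the getter's callee, not in the receiver's shape.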