DoesGC rule is wrong for nodes with BigIntUse
author: ticaiolima@gmail.com <ticaiolima@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 21 Jan 2019 23:57:25 +0000 (23:57 +0000)
committer: ticaiolima@gmail.com <ticaiolima@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 21 Jan 2019 23:57:25 +0000 (23:57 +0000)
commit: 5483c5e1856bc6b39a60c7f51a2425102fc9e48d
tree: 1beb4f12122e4b2b49b2b5daf044afeec35acc3a
parent: 0cea030755e50680d5b9c3b512cb430e67eacdf9
DoesGC rule is wrong for nodes with BigIntUse
https://bugs.webkit.org/show_bug.cgi?id=193652

Reviewed by Saam Barati.

JSTests:

* stress/big-int-value-op-update-gc-rules.js: Added.
(assert):
(doesGCAdd):
(doesGCSub):
(doesGCDiv):
(doesGCMul):
(doesGCBitAnd):
(doesGCBitOr):
(doesGCBitXor):

Source/JavaScriptCore:

The former rule was that ValueOp does not GC. However, this is wrong, since
these operations can trigger GC and mess up memory management. In the end, this
will generate wrong code because we will have a wrong GC epoch value during the
Store Barrier Insertion phase.
We changed this to consider BigIntUse for such nodes and properly return true when
they are BigIntUse.

* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240244 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/big-int-value-op-update-gc-rules.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGDoesGC.cpp
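The regression test named in the ChangeLog above is not reproduced on this page. The block below is an added example, not the WebKit test file itself, that follows the shape such a test needs in order to exercise the rule the commit message describes: allocate a fresh object, perform one BigInt ValueOp (which may allocate and so may trigger GC), then store the result into the object. If doesGC wrongly reports that the op cannot collect, Store Barrier Insertion can treat the object as still "new" at the store and omit the write barrier. The function names match the ChangeLog entries; `noInline` is the jsc shell helper and is assumed absent elsewhere, the operand values and the `assertEquals` helper are constructed here.

```javascript
// Added example: a regression-test shape for the DoesGC rule on ValueOp nodes
// speculated as BigIntUse. Each function allocates, performs a BigInt op that
// may GC, then stores into the fresh allocation. Without a write barrier on
// that store, a collection during the op can leave the heap inconsistent.

function assertEquals(actual, expected, label) {
    if (actual !== expected)
        throw new Error(`${label}: expected ${expected}, got ${actual}`);
}

// noInline exists only in the jsc shell; elsewhere it is a no-op (assumption).
const preventInline = typeof noInline === "function" ? noInline : () => {};

// Allocation, BigInt ValueOp, store into the new object, in that order.
function doesGCAdd(a)    { let o = {}; o.result = a + 3n; return o; }
function doesGCSub(a)    { let o = {}; o.result = a - 3n; return o; }
function doesGCDiv(a)    { let o = {}; o.result = a / 3n; return o; }
function doesGCMul(a)    { let o = {}; o.result = a * 3n; return o; }
function doesGCBitAnd(a) { let o = {}; o.result = a & 3n; return o; }
function doesGCBitOr(a)  { let o = {}; o.result = a | 3n; return o; }
function doesGCBitXor(a) { let o = {}; o.result = a ^ 3n; return o; }

const cases = [
    ["add",    doesGCAdd,    (a) => a + 3n],
    ["sub",    doesGCSub,    (a) => a - 3n],
    ["div",    doesGCDiv,    (a) => a / 3n],
    ["mul",    doesGCMul,    (a) => a * 3n],
    ["bitand", doesGCBitAnd, (a) => a & 3n],
    ["bitor",  doesGCBitOr,  (a) => a | 3n],
    ["bitxor", doesGCBitXor, (a) => a ^ 3n],
];
cases.forEach(([, fn]) => preventInline(fn));

// A constructed multi-word operand: results must be heap-allocated, so the
// op genuinely allocates and may collect, unlike a small single-word value.
const BIG = (1n << 125n) - 1n;

// Expected values are computed once here, before the hot loop, so the loop
// compares optimized-tier results against values the baseline produced.
const expected = cases.map(([label, , ref]) => [label, ref(BIG)]);

function runAll(iterations = 10000) {
    for (let i = 0; i < iterations; i++) {
        for (let c = 0; c < cases.length; c++) {
            const [label, fn] = cases[c];
            assertEquals(fn(BIG).result, expected[c][1], label);
        }
    }
    return true;
}

runAll();
```

Under jsc the loop count is what drives the functions into the DFG, where the doesGC answer matters; under node the block simply verifies the arithmetic. The per-function allocate/op/store order is the part a reviewer would check for in any test of this fix, since a test that does the op before the allocation does not put a possibly-collecting node between the allocation and the store.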