PolymorphicAccess should remember that it checked an ObjectPropertyCondition with...
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Sep 2015 19:23:58 +0000 (19:23 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Sep 2015 19:23:58 +0000 (19:23 +0000)
commit77e85c5e1dd69e0d6fb2822309cb97411999dd9a
tree7f663ec750325c0527da38caadc6ff6946cf7225
parent5f39bf8a71b9d7eaa0f8ce0bbdd27fea2c84bf2c
PolymorphicAccess should remember that it checked an ObjectPropertyCondition with a check on some structure
https://bugs.webkit.org/show_bug.cgi?id=149514

Reviewed by Oliver Hunt.

When we checked an ObjectPropertyCondition using an explicit structure check, we would forget to
note the structure in any weak reference table and we would attempt to regenerate the condition
check even if the condition became invalid.

We need to account for this better and we need to prune AccessCases that have an invalid condition
set. This change does both.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessGenerationState::addWatchpoint):
(JSC::AccessCase::alternateBase):
(JSC::AccessCase::couldStillSucceed):
(JSC::AccessCase::canReplace):
(JSC::AccessCase::generate):
(JSC::PolymorphicAccess::regenerateWithCases):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::regenerate):
* bytecode/PolymorphicAccess.h:
(JSC::AccessCase::callLinkInfo):
* tests/stress/make-dictionary-repatch.js: Added. This used to crash on a release assert. If we removed the release assert, this would return bad results.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190215 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
Source/JavaScriptCore/bytecode/PolymorphicAccess.h
Source/JavaScriptCore/tests/stress/make-dictionary-repatch.js [new file with mode: 0644]