FTL keepAlive()'s patchpoint should also declare that it reads HeapRange::top().
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 28 Jun 2019 00:26:35 +0000 (00:26 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 28 Jun 2019 00:26:35 +0000 (00:26 +0000)
commit 7e7d2b43a4ae6ab8ce0b94cf8fd7ca7936305c00
tree cacccfc495a905f344db1d660404fda370d652b0
parent 25d44ed719aacf79dd2f94811a732e0a1e3aa74f
FTL keepAlive()'s patchpoint should also declare that it reads HeapRange::top().
https://bugs.webkit.org/show_bug.cgi?id=199291

Reviewed by Yusuke Suzuki and Filip Pizlo.

The sole purpose of keepAlive() is to communicate to B3 that an LValue
needs to be kept alive past the last opportunity for a GC.  The only way
we can get a GC is via a function call.  Hence, what keepAlive() really
needs to communicate is that the LValue needs to be kept alive past the
last function call.  Function calls read and write HeapRange::top().
Currently, B3 does not shuffle writes.  Hence, simply inserting the
keepAlive() after the calls that can GC is sufficient.

But to be strictly correct, keepAlive() should also declare that it reads
HeapRange::top().  This will guarantee that the keepAlive patchpoint won't
ever be moved before the function call should B3 gain the ability to shuffle
writes in the future.

* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::keepAlive):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246910 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
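
The reordering hazard the commit message describes, as an added example that is not WebKit code: a toy effects model in which a hypothetical pass hoists each node as early as its declared reads and writes allow. Node, mayReorder, hoistEarly, schedule, the bitmask heaps and the sample block are all assumptions made for illustration, not B3's API.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Toy model, not B3's API: abstract heaps are bits in a mask.
constexpr uint32_t None = 0;
constexpr uint32_t Top = ~0u; // stands in for HeapRange::top(): overlaps every heap
constexpr uint32_t ButterflyHeap = 1u << 0; // constructed sample heap

struct Node {
    std::string name;
    uint32_t reads;
    uint32_t writes;
};

// Adjacent nodes may swap only if neither writes a heap the other reads or writes.
bool mayReorder(const Node& a, const Node& b)
{
    return !(a.writes & (b.reads | b.writes)) && !(b.writes & a.reads);
}

// Hypothetical pass: hoist every node as early as its declared effects allow.
std::vector<std::string> hoistEarly(std::vector<Node> block)
{
    for (std::size_t i = 1; i < block.size(); ++i) {
        for (std::size_t j = i; j > 0 && mayReorder(block[j - 1], block[j]); --j)
            std::swap(block[j - 1], block[j]);
    }
    std::vector<std::string> order;
    for (const Node& node : block)
        order.push_back(node.name);
    return order;
}

// Schedules the constructed block "load; call; keepAlive" for the given keepAlive reads.
std::vector<std::string> schedule(uint32_t keepAliveReads)
{
    return hoistEarly({
        { "load", ButterflyHeap, None },
        { "call", Top, Top }, // a call that can GC reads and writes top
        { "keepAlive", keepAliveReads, None },
    });
}

int main()
{
    for (const auto& name : schedule(None)) std::printf("%s ", name.c_str());
    std::printf("| ");
    for (const auto& name : schedule(Top)) std::printf("%s ", name.c_str());
    std::printf("\n");
}
```

With no declared reads, the toy pass moves keepAlive ahead of the call, so the value is no longer held live across the GC point; declaring a read of top pins it after the call.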