StructureStubInfo::considerCaching() should write barrier its owner CodeBlock when...
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Feb 2017 21:34:27 +0000 (21:34 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Feb 2017 21:34:27 +0000 (21:34 +0000)
commitb8a1108f3fb6f5dcddadfba318dee81cc6eac395
tree33bfba91b53002c7f144ae591ac4a801eeeeae59
parenta010ea7fca7967c5e7ca538032894188f5b45b0c
StructureStubInfo::considerCaching() should write barrier its owner CodeBlock when buffering a new Structure.
https://bugs.webkit.org/show_bug.cgi?id=168137
<rdar://problem/28656664>

Reviewed by Filip Pizlo.

If we're adding a new structure to StructureStubInfo's bufferedStructures, we
should write barrier the StubInfo's owner CodeBlock because that structure may be
collected during the next GC.  Write barrier-ing the owner CodeBlock ensures that
CodeBlock::finalizeBaselineJITInlineCaches() is called on it during the GC,
which, in turn, gives the StructureStubInfo the opportunity to filter out the
dead structure.

* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::considerCaching):
* jit/JITOperations.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@212146 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/StructureStubInfo.h
Source/JavaScriptCore/jit/JITOperations.cpp