LLInt get_by_id prototype caching doesn't properly handle changes
authorkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 30 May 2018 23:07:16 +0000 (23:07 +0000)
committerkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 30 May 2018 23:07:16 +0000 (23:07 +0000)
commitd87aaef3886c8881e8102a694e30dbc75da18c3c
treeb2bf2d5d5d3041130e186ae6c9b5c6a224dc1b7a
parent2f6fa988f73c4739a6e88529e74ed06105e7c8b9
LLInt get_by_id prototype caching doesn't properly handle changes
https://bugs.webkit.org/show_bug.cgi?id=186112

Reviewed by Filip Pizlo.

JSTests:

* stress/llint-proto-get-by-id-cache-change-prototype.js: Added.
(foo):
* stress/llint-proto-get-by-id-cache-intercept-value.js: Added.
(foo):

Source/JavaScriptCore:

The caching would sometimes fail to track that a prototype had changed
and wouldn't update its set of watchpoints.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeLLIntInlineCaches):
* bytecode/CodeBlock.h:
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::key const):
* bytecode/ObjectPropertyConditionSet.h:
(JSC::ObjectPropertyConditionSet::size const):
* bytecode/Watchpoint.h:
(JSC::Watchpoint::Watchpoint): Deleted.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setupGetByIdPrototypeCache):

Source/WTF:

Mark some methods const.

* wtf/Bag.h:
(WTF::Bag::begin const):
(WTF::Bag::end const):
(WTF::Bag::unwrappedHead const):
(WTF::Bag::end): Deleted.
(WTF::Bag::unwrappedHead): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@232313 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
JSTests/ChangeLog
JSTests/stress/llint-proto-get-by-id-cache-change-prototype.js [new file with mode: 0644]
JSTests/stress/llint-proto-get-by-id-cache-intercept-value.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h
Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.h
Source/JavaScriptCore/bytecode/Watchpoint.h
Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
Source/WTF/ChangeLog
Source/WTF/wtf/Bag.h