https://bugs.webkit.org/show_bug.cgi?id=154135
rdar://problem/
24291586
Reviewed by Geoffrey Garen.
ByteCodeParser::presenceLike() could return a null object property condition if it detects a
contradiction. That could happen due to bogus profiling. It's totally OK - we just need to
bail from using a property condition when that happens.
* bytecode/ObjectPropertyCondition.h:
(JSC::ObjectPropertyCondition::equivalence):
(JSC::ObjectPropertyCondition::operator bool):
(JSC::ObjectPropertyCondition::object):
(JSC::ObjectPropertyCondition::condition):
(JSC::ObjectPropertyCondition::operator!): Deleted.
* bytecode/PropertyCondition.h:
(JSC::PropertyCondition::equivalence):
(JSC::PropertyCondition::operator bool):
(JSC::PropertyCondition::kind):
(JSC::PropertyCondition::uid):
(JSC::PropertyCondition::operator!): Deleted.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::check):
(JSC::DFG::ByteCodeParser::load):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196446
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2016-02-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::ByteCodeParser needs to null check the result of presenceLike()
+ https://bugs.webkit.org/show_bug.cgi?id=154135
+ rdar://problem/24291586
+
+ Reviewed by Geoffrey Garen.
+
+ ByteCodeParser::presenceLike() could return a null object property condition if it detects a
+ contradiction. That could happen due to bogus profiling. It's totally OK - we just need to
+ bail from using a property condition when that happens.
+
+ * bytecode/ObjectPropertyCondition.h:
+ (JSC::ObjectPropertyCondition::equivalence):
+ (JSC::ObjectPropertyCondition::operator bool):
+ (JSC::ObjectPropertyCondition::object):
+ (JSC::ObjectPropertyCondition::condition):
+ (JSC::ObjectPropertyCondition::operator!): Deleted.
+ * bytecode/PropertyCondition.h:
+ (JSC::PropertyCondition::equivalence):
+ (JSC::PropertyCondition::operator bool):
+ (JSC::PropertyCondition::kind):
+ (JSC::PropertyCondition::uid):
+ (JSC::PropertyCondition::operator!): Deleted.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::check):
+ (JSC::DFG::ByteCodeParser::load):
+
2016-02-11 Benjamin Poulain <benjamin@webkit.org>
[JSC] SqrtFloat and CeilFloat also suffer from partial register stalls
/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
vm.heap.writeBarrier(owner);
return equivalenceWithoutBarrier(object, uid, value);
}
-
- bool operator!() const { return !m_condition; };
+
+ explicit operator bool() const { return !!m_condition; }
JSObject* object() const { return m_object; }
PropertyCondition condition() const { return m_condition; }
/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
vm.heap.writeBarrier(owner);
return equivalenceWithoutBarrier(uid, value);
}
-
- bool operator!() const { return !m_uid && m_kind == Presence; };
+
+ explicit operator bool() const { return m_uid || m_kind != Presence; }
Kind kind() const { return m_kind; }
UniquedStringImpl* uid() const { return m_uid; }
bool ByteCodeParser::check(const ObjectPropertyCondition& condition)
{
+ if (!condition)
+ return false;
+
if (m_graph.watchCondition(condition))
return true;
ObjectPropertyCondition presenceCondition =
presenceLike(knownBase, uid, variant.offset(), variant.structureSet());
-
- ObjectPropertyCondition equivalenceCondition =
- presenceCondition.attemptToMakeEquivalenceWithoutBarrier();
- if (m_graph.watchCondition(equivalenceCondition))
- return weakJSConstant(equivalenceCondition.requiredValue());
-
- if (check(presenceCondition))
- needStructureCheck = false;
+ if (presenceCondition) {
+ ObjectPropertyCondition equivalenceCondition =
+ presenceCondition.attemptToMakeEquivalenceWithoutBarrier();
+ if (m_graph.watchCondition(equivalenceCondition))
+ return weakJSConstant(equivalenceCondition.requiredValue());
+
+ if (check(presenceCondition))
+ needStructureCheck = false;
+ }
}
}
}
git://git.webkit.org / WebKit-https.git / commitdiff