[JSC] CodeBlock::jettison should clear related watchpoints
author rmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Feb 2019 21:34:19 +0000 (21:34 +0000)
committer rmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Feb 2019 21:34:19 +0000 (21:34 +0000)
https://bugs.webkit.org/show_bug.cgi?id=194544

Reviewed by Mark Lam.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::jettison):
* dfg/DFGCommonData.h:
(JSC::DFG::CommonData::clearWatchpoints): Added.
* dfg/CommonData.cpp:
(JSC::DFG::CommonData::clearWatchpoints): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241613 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/regexp-replace-double-watchpoint.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/dfg/DFGCommonData.cpp
Source/JavaScriptCore/dfg/DFGCommonData.h

index 1e94113..05fdb76 100644 (file)
@@ -1,3 +1,12 @@
+2019-02-15  Robin Morisset  <rmorisset@apple.com>
+        CodeBlock::jettison should clear related watchpoints
+        https://bugs.webkit.org/show_bug.cgi?id=194544
+
+        Reviewed by Mark Lam.
+
+        * stress/regexp-replace-double-watchpoint.js: Added.
+        (foo):
+
 2019-02-15  Saam barati  <sbarati@apple.com>
 
         [WebAssembly] Write a new register allocator for Air O0 and make BBQ use it
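Review bot: the new entry at the top of this hunk is missing the blank line between the date/author line and the title line; the entry just below it (`2019-02-15  Saam barati  <sbarati@apple.com>`) and this patch's own entry in Source/JavaScriptCore/ChangeLog both put an empty line after `2019-02-15  Robin Morisset  <rmorisset@apple.com>` before `CodeBlock::jettison should clear related watchpoints`, so this one should too.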
diff --git a/JSTests/stress/regexp-replace-double-watchpoint.js b/JSTests/stress/regexp-replace-double-watchpoint.js
new file mode 100644 (file)
index 0000000..923a575
--- /dev/null
@@ -0,0 +1,19 @@
+function foo() {
+    for (const x in []) {
+        new Float64Array(65493);
+    }
+
+    const nullRegexp = RegExp();
+
+    for (let i = 0; i < 10000; i++) {
+        function bar() {
+            nullRegexp.test("asdf");
+        }
+        bar();
+    }
+
+    for (let j = 13.37; j < 10000; j++) {
+        [].__proto__[j] = 0;
+    }
+}
+"ii".replace(/i/g, foo);
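Review bot: the test has no comment saying what it exercises, and since nothing is asserted it only passes by not crashing, so a header comment citing https://bugs.webkit.org/show_bug.cgi?id=194544 and describing the intended sequence would help a future reader distinguish a real regression from an incidental change in JIT thresholds. In particular, `"ii".replace(/i/g, foo)` calls `foo` twice, and the first loop, `for (const x in []) { new Float64Array(65493); }`, iterates nothing on the first call but walks the thousands of enumerable properties that the third loop (`[].__proto__[j] = 0`) has added to Array.prototype on the second call; if that two-phase behaviour is what the "double watchpoint" in the file name refers to, say so in the file, otherwise a maintainer will reasonably see the first loop as dead code and remove it.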
index a33b7cc..10c35f5 100644 (file)
@@ -1,3 +1,17 @@
+2019-02-15  Robin Morisset  <rmorisset@apple.com>
+
+        CodeBlock::jettison should clear related watchpoints
+        https://bugs.webkit.org/show_bug.cgi?id=194544
+
+        Reviewed by Mark Lam.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::jettison):
+        * dfg/DFGCommonData.h:
+        (JSC::DFG::CommonData::clearWatchpoints): Added.
+        * dfg/CommonData.cpp:
+        (JSC::DFG::CommonData::clearWatchpoints): Added.
+
 2019-02-15  Tadeu Zagallo  <tzagallo@apple.com>
 
         Move bytecode cache-related filesystem code out of CodeCache
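Review bot: the entry lists `* dfg/CommonData.cpp:` but the file this patch changes is `Source/JavaScriptCore/dfg/DFGCommonData.cpp` (it appears under that name in the file list at the top of the commit); fix the path so it matches the `* dfg/DFGCommonData.h:` line directly above it. The commit message carries the same wrong path and should be corrected alongside.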
index 7501889..23527e4 100644 (file)
@@ -1997,6 +1997,9 @@ void CodeBlock::jettison(Profiler::JettisonReason reason, ReoptimizationMode mod
     // 2) Make sure that if we call the owner executable, then we shouldn't call this CodeBlock.
 
 #if ENABLE(DFG_JIT)
+    if (JITCode::isOptimizingJIT(jitType()))
+        jitCode()->dfgCommon()->clearWatchpoints();
+    
     if (reason != Profiler::JettisonDueToOldAge) {
         Profiler::Compilation* compilation = jitCode()->dfgCommon()->compilation.get();
         if (UNLIKELY(compilation))
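Review bot: the new `clearWatchpoints()` call is guarded by `JITCode::isOptimizingJIT(jitType())`, yet three lines later `jitCode()->dfgCommon()->compilation.get()` is reached with no such guard, so either the guard is redundant here (drop it, or turn it into an assertion) or the existing access is reachable for non-optimizing code blocks and needs the same check; the two should agree. A short comment on why the watchpoints must be cleared at this point would also help: a watchpoint left registered for a CodeBlock that has already been jettisoned can still fire later and act on that CodeBlock again, which is what the new test's name, regexp-replace-double-watchpoint, points at. Finally, the added blank line after the call is whitespace-only (`+    `); make it an empty line.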
index 59565b5..73554bc 100644 (file)
@@ -205,6 +205,13 @@ void CommonData::finalizeCatchEntrypoints()
 #endif
 }
 
+void CommonData::clearWatchpoints()
+{
+    watchpoints.clear();
+    adaptiveStructureWatchpoints.clear();
+    adaptiveInferredPropertyValueWatchpoints.clear();
+}
+
 } } // namespace JSC::DFG
 
 #endif // ENABLE(DFG_JIT)
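Review bot: the body of `clearWatchpoints()` is three `.clear()` calls, so it relies on destroying the contained watchpoints being sufficient to detach them from whatever sets they are registered with; state that in a comment above the function so the next person touching the watchpoint types knows this caller depends on it. The comment should also say that the function is meant to be called only when the owning CodeBlock is being jettisoned (its sole caller in this patch is `CodeBlock::jettison`), since calling it on live optimized code would leave that code running without the invalidation it was compiled against.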
index cb30438..5fda5f5 100644 (file)
@@ -114,6 +114,8 @@ public:
     void validateReferences(const TrackedReferences&);
 
     static ptrdiff_t frameRegisterCountOffset() { return OBJECT_OFFSETOF(CommonData, frameRegisterCount); }
+    
+    void clearWatchpoints();
 
     RefPtr<InlineCallFrameSet> inlineCallFrames;
     Vector<CodeOrigin, 0, UnsafeVectorOverflow> codeOrigins;
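Review bot: the line inserted before the declaration is whitespace-only (`+    `); make it an empty line. A one-line comment beside `void clearWatchpoints();` giving its contract (called from `CodeBlock::jettison` when the block is discarded, not a general-purpose reset) would also be worth adding, since nothing in the header otherwise hints at when it is safe to call.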