Fix DFG doesGC() for TryGetById and ProfileType nodes.
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 19 Feb 2019 22:03:54 +0000 (22:03 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 19 Feb 2019 22:03:54 +0000 (22:03 +0000)
https://bugs.webkit.org/show_bug.cgi?id=194821
<rdar://problem/48206690>

Reviewed by Saam Barati.

Fix doesGC() for the following nodes:

    ProfileType:
        calls operationProcessTypeProfilerLogDFG(), which can call calculatedClassName(),
        which can call JSString::tryGetValue(), which can resolve a rope.

    TryGetById:
        calls operationTryGetByIdOptimize(), which can startWatchingPropertyForReplacements()
        on a structure, which can allocate StructureRareData.

* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241772 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGDoesGC.cpp

index 2037305..cdfe4c1 100644 (file)
@@ -1,3 +1,24 @@
+2019-02-19  Mark Lam  <mark.lam@apple.com>
+
+        Fix DFG doesGC() for TryGetById and ProfileType nodes.
+        https://bugs.webkit.org/show_bug.cgi?id=194821
+        <rdar://problem/48206690>
+
+        Reviewed by Saam Barati.
+
+        Fix doesGC() for the following nodes:
+
+            ProfileType:
+                calls operationProcessTypeProfilerLogDFG(), which can calculatedClassName(),
+                which can call JSString::tryGetValue(), which can resolve a rope.
+
+            TryGetById:
+                calls operationTryGetByIdOptimize(), which can startWatchingPropertyForReplacements()
+                on a structure, which can allocate StructureRareData.
+
+        * dfg/DFGDoesGC.cpp:
+        (JSC::DFG::doesGC):
+
 2019-02-18  Yusuke Suzuki  <ysuzuki@apple.com>
 
         [JSC] Introduce JSNonDestructibleProxy for JavaScriptCore.framework's GlobalThis
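Review bot: No regression test is listed in this entry, and the commit's file list shows only ChangeLog and dfg/DFGDoesGC.cpp changing. The entry already names the two allocating paths (rope resolution under ProfileType, StructureRareData allocation under TryGetById), so a test that drives each path would pin the new classification down. Separately, "which can calculatedClassName()" in the ProfileType paragraph is missing the verb "call".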
index 28a0912..a211b1a 100644 (file)
@@ -109,7 +109,6 @@ bool doesGC(Graph& graph, Node* node)
     case ArithTrunc:
     case ArithFRound:
     case ArithUnary:
-    case TryGetById:
     case CheckStructure:
     case CheckStructureOrEmpty:
     case CheckStructureImmediate:
@@ -136,7 +135,6 @@ bool doesGC(Graph& graph, Node* node)
     case CompareBelow:
     case CompareBelowEq:
     case CompareEqPtr:
-    case ProfileType:
     case ProfileControlFlow:
     case OverridesHasInstance:
     case IsEmpty:
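Review bot: ProfileControlFlow stays in this group directly below the removed "case ProfileType:" line, and the ChangeLog does not say whether it was audited along with ProfileType. If it was checked and found not to allocate, a sentence saying so in the ChangeLog would save the next reader from repeating the audit.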
@@ -293,6 +291,7 @@ bool doesGC(Graph& graph, Node* node)
     case LoadVarargs:
     case NumberToStringWithRadix:
     case NumberToStringWithValidRadixConstant:
+    case ProfileType:
     case PutById:
     case PutByIdDirect:
     case PutByIdFlush:
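Review bot: The added "case ProfileType:" carries no comment explaining why a profiling node belongs in the same group as LoadVarargs and PutById; the reason (operationProcessTypeProfilerLogDFG() can end up resolving a rope) is recorded only in the ChangeLog. A one-line comment on the case would keep that reasoning next to the code it justifies.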
@@ -327,6 +326,7 @@ bool doesGC(Graph& graph, Node* node)
     case ToObject:
     case ToPrimitive:
     case ToThis:
+    case TryGetById:
     case CreateThis:
     case ObjectCreate:
     case ObjectKeys:
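Review bot: The added "case TryGetById:" rests on a call chain that nothing in this hunk verifies: per the ChangeLog, operationTryGetByIdOptimize() can reach startWatchingPropertyForReplacements(), which can allocate StructureRareData. The list can drift again whenever a slow path changes, so consider a follow-up that checks doesGC() answers against actual allocation in debug builds instead of relying on a hand audit of each case.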