[webkit-changes] [WebKit/WebKit] 28686e: Error() ICs should not cache special properties.
Justin Michaud
noreply at github.com
Wed Nov 9 19:22:14 PST 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 28686e63de0d3d7270a49b0d6b656467bc4fbf68
https://github.com/WebKit/WebKit/commit/28686e63de0d3d7270a49b0d6b656467bc4fbf68
Author: Justin Michaud <justin_michaud at apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
A JSTests/stress/delete-cache-error.js
A JSTests/stress/get-own-property-slot-cache-error.js
A JSTests/stress/get-property-cache-error.js
M Source/JavaScriptCore/runtime/ErrorInstance.cpp
M Source/JavaScriptCore/runtime/ErrorInstance.h
Log Message:
-----------
Error() ICs should not cache special properties.
https://bugs.webkit.org/show_bug.cgi?id=247699
Reviewed by Yusuke Suzuki.
HasOwnProperty/DeleteProperty are not always cacheable for special Error()
properties like column. These special properties are materialized on-demand
in materializeErrorInfoIfNeeded, but this function's behaviour can be changed
by Error.stackTraceLimit without causing a structure transition or firing watchpoints.
That is, we cannot cache property misses, and we cannot assume HasOwnProperty is deterministic
for a given structure if we are using one of these properties.
* Source/JavaScriptCore/runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::deleteProperty):
* Source/JavaScriptCore/runtime/ErrorInstance.h:
Canonical link: https://commits.webkit.org/256519@main
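
A simplified model of the caching problem the log message describes, added here as an illustration. It is not code from the WebKit commit, and every name in it (ModelError, makeHasOwnIC, the rule that a limit of 0 suppresses column) is an assumption made for the model.

```javascript
// Simplified model, not JavaScriptCore code; all names are hypothetical.
const SPECIAL = new Set(["column"]);   // the special property the log message names
let stackTraceLimit = 10;              // stands in for Error.stackTraceLimit: global, not part of any shape

class ModelError {
  constructor() {
    this.shape = "Error";              // every fresh error starts with the same shape
    this.props = new Map();
    this.materialized = false;
  }
  // Lazy materialization; assumed rule: a limit of 0 means no column is created.
  materializeIfNeeded() {
    if (this.materialized) return;
    this.materialized = true;
    if (stackTraceLimit > 0) {
      this.props.set("column", 1);
      this.shape = "Error+column";
    }
  }
  hasOwn(name) {                       // slow path, always correct
    if (SPECIAL.has(name)) this.materializeIfNeeded();
    return this.props.has(name);
  }
}

// Inline cache keyed on (shape before lookup, property name).
function makeHasOwnIC(skipSpecial) {
  const cache = new Map();
  return (obj, name) => {
    const cacheable = !(skipSpecial && SPECIAL.has(name));
    const key = obj.shape + "|" + name;
    if (cacheable && cache.has(key)) return cache.get(key);
    const result = obj.hasOwn(name);
    if (cacheable) cache.set(key, result);
    return result;
  };
}

// Prime the cache with a miss under limit 0, then raise the limit and query a fresh error.
function run(skipSpecial) {
  const ic = makeHasOwnIC(skipSpecial);
  stackTraceLimit = 0;
  const primed = ic(new ModelError(), "column");
  stackTraceLimit = 10;
  const viaIC = ic(new ModelError(), "column");
  const slowPath = new ModelError().hasOwn("column");
  return { primed, viaIC, slowPath };
}

console.log("caching special properties:", run(false));
console.log("special properties uncacheable:", run(true));
```

With caching enabled the second lookup returns the stale miss even though the slow path reports the property; excluding the special names from the cache makes the two agree.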