[webkit-changes] [WebKit/WebKit] e8d6da: [JSC] EnumeratorPutByVal should always insert Stor...
Yusuke Suzuki
noreply at github.com
Thu Jul 20 22:31:08 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e8d6da87e15523afad164a5a4a2d2ab2d4dc8147
https://github.com/WebKit/WebKit/commit/e8d6da87e15523afad164a5a4a2d2ab2d4dc8147
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-07-20 (Thu, 20 Jul 2023)
Changed paths:
M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
Log Message:
-----------
[JSC] EnumeratorPutByVal should always insert StoreBarrier in DFG
https://bugs.webkit.org/show_bug.cgi?id=259385
rdar://75030534
Reviewed by Saam Barati.
Regardless of the assigned value's type, EnumeratorPutByVal can cause structure-transition.
Thus we always need to consider inserting StoreBarrier for GC for transitioned new Structure.
While the existing code was fine for PutByValMegamorphic, anyway we modify it to make it explicit
that it is always inserting a barrier too.
Unfortunately, this is really hard to test this change due to concurrency of GC. Right now, we just
fix this obvious issue in this patch.
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
Canonical link: https://commits.webkit.org/266200@main
More information about the webkit-changes
mailing list