<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[242449] releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/242449">242449</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2019-03-05 04:41:07 -0800 (Tue, 05 Mar 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/242015">r242015</a> - [JSC] Lazily create sentinel Map and Set buckets
https://bugs.webkit.org/show_bug.cgi?id=194975

Reviewed by Saam Barati.

If VM::canUseJIT() returns false, we can lazily initialize sentinel Map and Set buckets.
This patch adds getters to VM which lazily allocate these buckets. We eagerly initialize
them if VM::canUseJIT() returns true since they can be touched from DFG and FTL.

* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::sentinelMapBucketValue):
(JSC::BytecodeIntrinsicRegistry::sentinelSetBucketValue):
* bytecode/BytecodeIntrinsicRegistry.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetMapBucketNext):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucket):
(JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucketNext):
* runtime/MapConstructor.cpp:
(JSC::mapPrivateFuncMapBucketNext):
* runtime/SetConstructor.cpp:
(JSC::setPrivateFuncSetBucketNext):
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::sentinelSetBucketSlow):
(JSC::VM::sentinelMapBucketSlow):
* runtime/VM.h:
(JSC::VM::sentinelSetBucket):
(JSC::VM::sentinelMapBucket):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCorebytecodeBytecodeIntrinsicRegistrycpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCorebytecodeBytecodeIntrinsicRegistryh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGByteCodeParsercpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGOperationscpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOperations.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJITcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreftlFTLLowerDFGToB3cpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeMapConstructorcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/MapConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeSetConstructorcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/SetConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeVMcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeVMh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog   2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog      2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -1,3 +1,41 @@
</span><ins>+2019-02-24  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Lazily create sentinel Map and Set buckets
+        https://bugs.webkit.org/show_bug.cgi?id=194975
+
+        Reviewed by Saam Barati.
+
+        If VM::canUseJIT() returns false, we can lazily initialize sentinel Map and Set buckets.
+        This patch adds getters to VM which lazily allocate these buckets. We eagerly initialize
+        them if VM::canUseJIT() returns true since they can be touched from DFG and FTL.
+
+        * bytecode/BytecodeIntrinsicRegistry.cpp:
+        (JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
+        (JSC::BytecodeIntrinsicRegistry::sentinelMapBucketValue):
+        (JSC::BytecodeIntrinsicRegistry::sentinelSetBucketValue):
+        * bytecode/BytecodeIntrinsicRegistry.h:
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileGetMapBucketNext):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucket):
+        (JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucketNext):
+        * runtime/MapConstructor.cpp:
+        (JSC::mapPrivateFuncMapBucketNext):
+        * runtime/SetConstructor.cpp:
+        (JSC::setPrivateFuncSetBucketNext):
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        (JSC::VM::sentinelSetBucketSlow):
+        (JSC::VM::sentinelMapBucketSlow):
+        * runtime/VM.h:
+        (JSC::VM::sentinelSetBucket):
+        (JSC::VM::sentinelMapBucket):
+
</ins><span class="cx"> 2019-02-23  Mark Lam  <mark.lam@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Add an exception check and some assertions in StringPrototype.cpp.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCorebytecodeBytecodeIntrinsicRegistrycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.cpp      2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.cpp 2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -69,8 +69,6 @@
</span><span class="cx">     m_promiseStatePending.set(m_vm, jsNumber(static_cast<unsigned>(JSPromise::Status::Pending)));
</span><span class="cx">     m_promiseStateFulfilled.set(m_vm, jsNumber(static_cast<unsigned>(JSPromise::Status::Fulfilled)));
</span><span class="cx">     m_promiseStateRejected.set(m_vm, jsNumber(static_cast<unsigned>(JSPromise::Status::Rejected)));
</span><del>-    m_sentinelMapBucket.set(m_vm, m_vm.sentinelMapBucket.get());
-    m_sentinelSetBucket.set(m_vm, m_vm.sentinelSetBucket.get());
</del><span class="cx">     m_GeneratorResumeModeNormal.set(m_vm, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::NormalMode)));
</span><span class="cx">     m_GeneratorResumeModeThrow.set(m_vm, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::ThrowMode)));
</span><span class="cx">     m_GeneratorResumeModeReturn.set(m_vm, jsNumber(static_cast<int32_t>(JSGeneratorFunction::GeneratorResumeMode::ReturnMode)));
</span><span class="lines">@@ -101,8 +99,18 @@
</span><span class="cx">     { \
</span><span class="cx">         return m_##name.get(); \
</span><span class="cx">     }
</span><del>-    JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_EACH_NAME(JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS)
</del><ins>+    JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_SIMPLE_EACH_NAME(JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS)
</ins><span class="cx"> #undef JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS
</span><span class="cx"> 
</span><ins>+JSValue BytecodeIntrinsicRegistry::sentinelMapBucketValue(BytecodeGenerator& generator)
+{
+    return generator.vm()->sentinelMapBucket();
+}
+
+JSValue BytecodeIntrinsicRegistry::sentinelSetBucketValue(BytecodeGenerator& generator)
+{
+    return generator.vm()->sentinelSetBucket();
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCorebytecodeBytecodeIntrinsicRegistryh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h        2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h   2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -66,6 +66,10 @@
</span><span class="cx">     macro(defineEnumerableWritableConfigurableDataProperty) \
</span><span class="cx"> 
</span><span class="cx"> #define JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_EACH_NAME(macro) \
</span><ins>+    JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_SIMPLE_EACH_NAME(macro) \
+    JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_CUSTOM_EACH_NAME(macro) \
+
+#define JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_SIMPLE_EACH_NAME(macro) \
</ins><span class="cx">     macro(undefined) \
</span><span class="cx">     macro(Infinity) \
</span><span class="cx">     macro(iterationKindKey) \
</span><span class="lines">@@ -85,8 +89,6 @@
</span><span class="cx">     macro(promiseStatePending) \
</span><span class="cx">     macro(promiseStateFulfilled) \
</span><span class="cx">     macro(promiseStateRejected) \
</span><del>-    macro(sentinelMapBucket) \
-    macro(sentinelSetBucket) \
</del><span class="cx">     macro(GeneratorResumeModeNormal) \
</span><span class="cx">     macro(GeneratorResumeModeThrow) \
</span><span class="cx">     macro(GeneratorResumeModeReturn) \
</span><span class="lines">@@ -101,6 +103,10 @@
</span><span class="cx">     macro(AsyncGeneratorSuspendReasonAwait) \
</span><span class="cx">     macro(AsyncGeneratorSuspendReasonNone) \
</span><span class="cx"> 
</span><ins>+#define JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_CUSTOM_EACH_NAME(macro) \
+    macro(sentinelMapBucket) \
+    macro(sentinelSetBucket) \
+
</ins><span class="cx"> class BytecodeIntrinsicRegistry {
</span><span class="cx">     WTF_MAKE_FAST_ALLOCATED;
</span><span class="cx">     WTF_MAKE_NONCOPYABLE(BytecodeIntrinsicRegistry);
</span><span class="lines">@@ -120,7 +126,7 @@
</span><span class="cx">     HashMap<RefPtr<UniquedStringImpl>, EmitterType, IdentifierRepHash> m_bytecodeIntrinsicMap;
</span><span class="cx"> 
</span><span class="cx"> #define JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS(name) Strong<Unknown> m_##name;
</span><del>-    JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_EACH_NAME(JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS)
</del><ins>+    JSC_COMMON_BYTECODE_INTRINSIC_CONSTANTS_SIMPLE_EACH_NAME(JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS)
</ins><span class="cx"> #undef JSC_DECLARE_BYTECODE_INTRINSIC_CONSTANT_GENERATORS
</span><span class="cx"> };
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp   2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp      2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -2929,9 +2929,9 @@
</span><span class="cx">             Node* bucket = addToGraph(GetMapBucket, OpInfo(0), Edge(mapOrSet, useKind), Edge(normalizedKey), Edge(hash));
</span><span class="cx">             JSCell* sentinel = nullptr;
</span><span class="cx">             if (intrinsic == JSMapHasIntrinsic)
</span><del>-                sentinel = m_vm->sentinelMapBucket.get();
</del><ins>+                sentinel = m_vm->sentinelMapBucket();
</ins><span class="cx">             else
</span><del>-                sentinel = m_vm->sentinelSetBucket.get();
</del><ins>+                sentinel = m_vm->sentinelSetBucket();
</ins><span class="cx"> 
</span><span class="cx">             FrozenValue* frozenPointer = m_graph.freeze(sentinel);
</span><span class="cx">             Node* invertedResult = addToGraph(CompareEqPtr, OpInfo(frozenPointer), bucket);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGOperationscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOperations.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOperations.cpp       2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOperations.cpp  2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -2892,7 +2892,7 @@
</span><span class="cx">     NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">     JSMap::BucketType** bucket = jsCast<JSMap*>(map)->findBucket(exec, JSValue::decode(key), hash);
</span><span class="cx">     if (!bucket)
</span><del>-        return vm.sentinelMapBucket.get();
</del><ins>+        return vm.sentinelMapBucket();
</ins><span class="cx">     return *bucket;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -2902,7 +2902,7 @@
</span><span class="cx">     NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">     JSSet::BucketType** bucket = jsCast<JSSet*>(map)->findBucket(exec, JSValue::decode(key), hash);
</span><span class="cx">     if (!bucket)
</span><del>-        return vm.sentinelSetBucket.get();
</del><ins>+        return vm.sentinelSetBucket();
</ins><span class="cx">     return *bucket;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -2912,7 +2912,7 @@
</span><span class="cx">     NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">     auto* bucket = jsCast<JSSet*>(set)->addNormalized(exec, JSValue::decode(key), JSValue(), hash);
</span><span class="cx">     if (!bucket)
</span><del>-        return vm.sentinelSetBucket.get();
</del><ins>+        return vm.sentinelSetBucket();
</ins><span class="cx">     return bucket;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -2922,7 +2922,7 @@
</span><span class="cx">     NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">     auto* bucket = jsCast<JSMap*>(map)->addNormalized(exec, JSValue::decode(key), JSValue::decode(value), hash);
</span><span class="cx">     if (!bucket)
</span><del>-        return vm.sentinelMapBucket.get();
</del><ins>+        return vm.sentinelMapBucket();
</ins><span class="cx">     return bucket;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp   2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp      2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -11792,10 +11792,10 @@
</span><span class="cx">     notBucket.link(&m_jit);
</span><span class="cx">     JSCell* sentinel = nullptr;
</span><span class="cx">     if (node->bucketOwnerType() == BucketOwnerType::Map)
</span><del>-        sentinel = m_jit.vm()->sentinelMapBucket.get();
</del><ins>+        sentinel = m_jit.vm()->sentinelMapBucket();
</ins><span class="cx">     else {
</span><span class="cx">         ASSERT(node->bucketOwnerType() == BucketOwnerType::Set);
</span><del>-        sentinel = m_jit.vm()->sentinelSetBucket.get();
</del><ins>+        sentinel = m_jit.vm()->sentinelSetBucket();
</ins><span class="cx">     }
</span><span class="cx">     m_jit.move(TrustedImmPtr::weakPointer(m_jit.graph(), sentinel), resultGPR);
</span><span class="cx">     done.link(&m_jit);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp    2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -4217,9 +4217,9 @@
</span><span class="cx"> 
</span><span class="cx">         notPresentInTable.link(&m_jit);
</span><span class="cx">         if (node->child1().useKind() == MapObjectUse)
</span><del>-            m_jit.move(TrustedImmPtr::weakPointer(m_jit.graph(), m_jit.vm()->sentinelMapBucket.get()), resultGPR);
</del><ins>+            m_jit.move(TrustedImmPtr::weakPointer(m_jit.graph(), m_jit.vm()->sentinelMapBucket()), resultGPR);
</ins><span class="cx">         else
</span><del>-            m_jit.move(TrustedImmPtr::weakPointer(m_jit.graph(), m_jit.vm()->sentinelSetBucket.get()), resultGPR);
</del><ins>+            m_jit.move(TrustedImmPtr::weakPointer(m_jit.graph(), m_jit.vm()->sentinelSetBucket()), resultGPR);
</ins><span class="cx">         done.link(&m_jit);
</span><span class="cx">         cellResult(resultGPR, node);
</span><span class="cx">         break;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp     2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -9744,9 +9744,9 @@
</span><span class="cx">         m_out.appendTo(notPresentInTable, continuation);
</span><span class="cx">         ValueFromBlock notPresentResult;
</span><span class="cx">         if (m_node->child1().useKind() == MapObjectUse)
</span><del>-            notPresentResult = m_out.anchor(weakPointer(vm().sentinelMapBucket.get()));
</del><ins>+            notPresentResult = m_out.anchor(weakPointer(vm().sentinelMapBucket()));
</ins><span class="cx">         else if (m_node->child1().useKind() == SetObjectUse)
</span><del>-            notPresentResult = m_out.anchor(weakPointer(vm().sentinelSetBucket.get()));
</del><ins>+            notPresentResult = m_out.anchor(weakPointer(vm().sentinelSetBucket()));
</ins><span class="cx">         else
</span><span class="cx">             RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx">         m_out.jump(continuation);
</span><span class="lines">@@ -9792,10 +9792,10 @@
</span><span class="cx">         m_out.appendTo(noBucket, hasBucket);
</span><span class="cx">         ValueFromBlock noBucketResult;
</span><span class="cx">         if (m_node->bucketOwnerType() == BucketOwnerType::Map)
</span><del>-            noBucketResult = m_out.anchor(weakPointer(vm().sentinelMapBucket.get()));
</del><ins>+            noBucketResult = m_out.anchor(weakPointer(vm().sentinelMapBucket()));
</ins><span class="cx">         else {
</span><span class="cx">             ASSERT(m_node->bucketOwnerType() == BucketOwnerType::Set);
</span><del>-            noBucketResult = m_out.anchor(weakPointer(vm().sentinelSetBucket.get()));
</del><ins>+            noBucketResult = m_out.anchor(weakPointer(vm().sentinelSetBucket()));
</ins><span class="cx">         }
</span><span class="cx">         m_out.jump(continuation);
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeMapConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/MapConstructor.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/MapConstructor.cpp  2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/MapConstructor.cpp     2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -136,7 +136,7 @@
</span><span class="cx">             return JSValue::encode(bucket);
</span><span class="cx">         bucket = bucket->next();
</span><span class="cx">     }
</span><del>-    return JSValue::encode(exec->vm().sentinelMapBucket.get());
</del><ins>+    return JSValue::encode(exec->vm().sentinelMapBucket());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL mapPrivateFuncMapBucketKey(ExecState* exec)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeSetConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/SetConstructor.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/SetConstructor.cpp  2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/SetConstructor.cpp     2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -122,7 +122,7 @@
</span><span class="cx">             return JSValue::encode(bucket);
</span><span class="cx">         bucket = bucket->next();
</span><span class="cx">     }
</span><del>-    return JSValue::encode(exec->vm().sentinelSetBucket.get());
</del><ins>+    return JSValue::encode(exec->vm().sentinelSetBucket());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL setPrivateFuncSetBucketKey(ExecState* exec)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.cpp (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.cpp      2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.cpp 2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -401,8 +401,11 @@
</span><span class="cx">     bigIntStructure.set(*this, JSBigInt::createStructure(*this, 0, jsNull()));
</span><span class="cx">     executableToCodeBlockEdgeStructure.set(*this, ExecutableToCodeBlockEdge::createStructure(*this, nullptr, jsNull()));
</span><span class="cx"> 
</span><del>-    sentinelSetBucket.set(*this, JSSet::BucketType::createSentinel(*this));
-    sentinelMapBucket.set(*this, JSMap::BucketType::createSentinel(*this));
</del><ins>+    // Eagerly initialize constant cells since the concurrent compiler can access them.
+    if (canUseJIT()) {
+        sentinelMapBucket();
+        sentinelSetBucket();
+    }
</ins><span class="cx"> 
</span><span class="cx">     Thread::current().setCurrentAtomicStringTable(existingEntryAtomicStringTable);
</span><span class="cx"> 
</span><span class="lines">@@ -1284,6 +1287,23 @@
</span><span class="cx"> 
</span><span class="cx"> #undef DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW
</span><span class="cx"> 
</span><ins>+
+JSCell* VM::sentinelSetBucketSlow()
+{
+    ASSERT(!m_sentinelSetBucket);
+    auto* sentinel = JSSet::BucketType::createSentinel(*this);
+    m_sentinelSetBucket.set(*this, sentinel);
+    return sentinel;
+}
+
+JSCell* VM::sentinelMapBucketSlow()
+{
+    ASSERT(!m_sentinelMapBucket);
+    auto* sentinel = JSMap::BucketType::createSentinel(*this);
+    m_sentinelMapBucket.set(*this, sentinel);
+    return sentinel;
+}
+
</ins><span class="cx"> JSGlobalObject* VM::vmEntryGlobalObject(const CallFrame* callFrame) const
</span><span class="cx"> {
</span><span class="cx">     if (callFrame && callFrame->isGlobalExec()) {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h (242448 => 242449)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h        2019-03-05 12:41:01 UTC (rev 242448)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h   2019-03-05 12:41:07 UTC (rev 242449)
</span><span class="lines">@@ -539,9 +539,10 @@
</span><span class="cx">     Strong<Structure> executableToCodeBlockEdgeStructure;
</span><span class="cx"> 
</span><span class="cx">     Strong<JSCell> emptyPropertyNameEnumerator;
</span><del>-    Strong<JSCell> sentinelSetBucket;
-    Strong<JSCell> sentinelMapBucket;
</del><span class="cx"> 
</span><ins>+    Strong<JSCell> m_sentinelSetBucket;
+    Strong<JSCell> m_sentinelMapBucket;
+
</ins><span class="cx">     std::unique_ptr<PromiseDeferredTimer> promiseDeferredTimer;
</span><span class="cx">     
</span><span class="cx">     JSCell* currentlyDestructingCallbackObject;
</span><span class="lines">@@ -562,6 +563,20 @@
</span><span class="cx">     AtomicStringTable* atomicStringTable() const { return m_atomicStringTable; }
</span><span class="cx">     WTF::SymbolRegistry& symbolRegistry() { return m_symbolRegistry; }
</span><span class="cx"> 
</span><ins>+    JSCell* sentinelSetBucket()
+    {
+        if (LIKELY(m_sentinelSetBucket))
+            return m_sentinelSetBucket.get();
+        return sentinelSetBucketSlow();
+    }
+
+    JSCell* sentinelMapBucket()
+    {
+        if (LIKELY(m_sentinelMapBucket))
+            return m_sentinelMapBucket.get();
+        return sentinelMapBucketSlow();
+    }
+
</ins><span class="cx">     WeakGCMap<SymbolImpl*, Symbol, PtrHash<SymbolImpl*>> symbolImplToSymbolMap;
</span><span class="cx"> 
</span><span class="cx">     enum class DeletePropertyMode {
</span><span class="lines">@@ -890,6 +905,9 @@
</span><span class="cx">     static VM*& sharedInstanceInternal();
</span><span class="cx">     void createNativeThunk();
</span><span class="cx"> 
</span><ins>+    JSCell* sentinelSetBucketSlow();
+    JSCell* sentinelMapBucketSlow();
+
</ins><span class="cx">     void updateStackLimits();
</span><span class="cx"> 
</span><span class="cx">     bool isSafeToRecurse(void* stackLimit) const
</span></span></pre>
</div>
</div>

</body>
</html>