<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[246745] branches/safari-607-branch</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/246745">246745</a></dd>
<dt>Author</dt> <dd>kocsen_chung@apple.com</dd>
<dt>Date</dt> <dd>2019-06-24 11:52:38 -0700 (Mon, 24 Jun 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Cherry-pick <a href="http://trac.webkit.org/projects/webkit/changeset/246505">r246505</a>. rdar://problem/51927642

    [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
    https://bugs.webkit.org/show_bug.cgi?id=197378

    Reviewed by Saam Barati.

    JSTests:

    * stress/disposable-call-site-index-with-call-and-this.js: Added.
    (foo):
    (bar):
    * stress/disposable-call-site-index.js: Added.
    (foo):
    (bar):

    Source/JavaScriptCore:

    Some CallSiteIndex values are disposable. This is because some CallSiteIndex values are allocated and freed at runtime (not at DFG/FTL compile time).
    The example is the CallSiteIndex for the exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free such a CallSiteIndex,
    we will create a new CallSiteIndex continuously and leak memory.

    The other CallSiteIndex values are not simply disposable because the ownership model is not a unique one. They can be shared between multiple clients.
    But not disposing them is OK because they are static ones: they are allocated when compiling DFG/FTL, and we do not allocate such a CallSiteIndex
    at runtime.

    To make this difference explicit and avoid disposing a non-disposable CallSiteIndex accidentally, we introduce the DisposableCallSiteIndex type and
    enforce type-safety to some degree.

    We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.

    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
    (JSC::CodeBlock::removeExceptionHandlerForCallSite):
    * bytecode/CodeBlock.h:
    * bytecode/PolymorphicAccess.cpp:
    (JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
    (JSC::PolymorphicAccess::regenerate):
    * bytecode/PolymorphicAccess.h:
    (JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.
    * dfg/DFGCommonData.cpp:
    (JSC::DFG::CommonData::addUniqueCallSiteIndex):
    (JSC::DFG::CommonData::addDisposableCallSiteIndex):
    (JSC::DFG::CommonData::removeDisposableCallSiteIndex):
    (JSC::DFG::CommonData::removeCallSiteIndex): Deleted.
    * dfg/DFGCommonData.h:
    * interpreter/CallFrame.h:
    (JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
    (JSC::DisposableCallSiteIndex::fromCallSiteIndex):
    * jit/GCAwareJITStubRoutine.cpp:
    (JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
    (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
    (JSC::createJITStubRoutine):
    * jit/GCAwareJITStubRoutine.h:
    * jit/JITInlineCacheGenerator.h:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246505 268f45cc-cd09-0410-ab3c-d52691b4dbfc</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari607branchJSTestsChangeLog">branches/safari-607-branch/JSTests/ChangeLog</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCoreChangeLog">branches/safari-607-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCorebytecodeCodeBlockcpp">branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCorebytecodeCodeBlockh">branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCorebytecodePolymorphicAccesscpp">branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCorebytecodePolymorphicAccessh">branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.h</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCoredfgDFGCommonDatacpp">branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.cpp</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCoredfgDFGCommonDatah">branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.h</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCoreinterpreterCallFrameh">branches/safari-607-branch/Source/JavaScriptCore/interpreter/CallFrame.h</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCorejitGCAwareJITStubRoutinecpp">branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCorejitGCAwareJITStubRoutineh">branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h</a></li>
<li><a href="#branchessafari607branchSourceJavaScriptCorejitJITInlineCacheGeneratorh">branches/safari-607-branch/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari607branchJSTestsstressdisposablecallsiteindexwithcallandthisjs">branches/safari-607-branch/JSTests/stress/disposable-call-site-index-with-call-and-this.js</a></li>
<li><a href="#branchessafari607branchJSTestsstressdisposablecallsiteindexjs">branches/safari-607-branch/JSTests/stress/disposable-call-site-index.js</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari607branchJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/JSTests/ChangeLog (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/JSTests/ChangeLog     2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/JSTests/ChangeLog        2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -1,3 +1,77 @@
</span><ins>+2019-06-24  Kocsen Chung  <kocsen_chung@apple.com>
+
+        Cherry-pick r246505. rdar://problem/51927642
+
+    [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
+    https://bugs.webkit.org/show_bug.cgi?id=197378
+    
+    Reviewed by Saam Barati.
+    
+    JSTests:
+    
+    * stress/disposable-call-site-index-with-call-and-this.js: Added.
+    (foo):
+    (bar):
+    * stress/disposable-call-site-index.js: Added.
+    (foo):
+    (bar):
+    
+    Source/JavaScriptCore:
+    
+    Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
+    The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
+    we will create a new CallSiteIndex continuously and leak memory.
+    
+    The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
+    But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
+    at runtime.
+    
+    To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
+    enforce type-safety to some degree.
+    
+    We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.
+    
+    * bytecode/CodeBlock.cpp:
+    (JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
+    (JSC::CodeBlock::removeExceptionHandlerForCallSite):
+    * bytecode/CodeBlock.h:
+    * bytecode/PolymorphicAccess.cpp:
+    (JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
+    (JSC::PolymorphicAccess::regenerate):
+    * bytecode/PolymorphicAccess.h:
+    (JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.
+    * dfg/DFGCommonData.cpp:
+    (JSC::DFG::CommonData::addUniqueCallSiteIndex):
+    (JSC::DFG::CommonData::addDisposableCallSiteIndex):
+    (JSC::DFG::CommonData::removeDisposableCallSiteIndex):
+    (JSC::DFG::CommonData::removeCallSiteIndex): Deleted.
+    * dfg/DFGCommonData.h:
+    * interpreter/CallFrame.h:
+    (JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
+    (JSC::DisposableCallSiteIndex::fromCallSiteIndex):
+    * jit/GCAwareJITStubRoutine.cpp:
+    (JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
+    (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
+    (JSC::createJITStubRoutine):
+    * jit/GCAwareJITStubRoutine.h:
+    * jit/JITInlineCacheGenerator.h:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246505 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-06-17  Yusuke Suzuki  <ysuzuki@apple.com>
+
+            [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
+            https://bugs.webkit.org/show_bug.cgi?id=197378
+
+            Reviewed by Saam Barati.
+
+            * stress/disposable-call-site-index-with-call-and-this.js: Added.
+            (foo):
+            (bar):
+            * stress/disposable-call-site-index.js: Added.
+            (foo):
+            (bar):
+
</ins><span class="cx"> 2019-06-13  Kocsen Chung  <kocsen_chung@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Apply patch. rdar://problem/51656844
</span></span></pre></div>
<a id="branchessafari607branchJSTestsstressdisposablecallsiteindexwithcallandthisjs"></a>
<div class="addfile"><h4>Added: branches/safari-607-branch/JSTests/stress/disposable-call-site-index-with-call-and-this.js (0 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/JSTests/stress/disposable-call-site-index-with-call-and-this.js                               (rev 0)
+++ branches/safari-607-branch/JSTests/stress/disposable-call-site-index-with-call-and-this.js  2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -0,0 +1,26 @@
</span><ins>+var ia = new Int8Array(1024);
+
+function foo(o) {
+    return o.f;
+}
+
+function bar(o) {
+
+    try {
+        o.f = 0x1;
+        Uint8Array.prototype.find.call(ia, function () {
+            o.f = 0x1;
+        }, this);
+    } catch (e) {
+    }
+
+    foo(o);
+}
+
+var o = new Object();
+o.__defineGetter__("f", function () { });
+
+for (var i = 0; i < 1000; ++i) {
+    bar({});
+    bar(o);
+}
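Review bot: this test carries no comment saying what it exercises, and it differs from disposable-call-site-index.js only in passing `this` as the thisArg to find.call and in lacking that file's `//@ runDefault(...)` directive, so it runs under the default option set while its sibling pins the JIT thresholds; a header comment should say whether that is intended. Note also that nothing inside the try block throws in sloppy mode (`f` is getter-only, so `o.f = 0x1` is a silent no-op), which is worth spelling out: the try/catch is there so that bar has an exception handler for the inline cache's exception-handling call site, not to catch anything.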
</ins></span></pre></div>
<a id="branchessafari607branchJSTestsstressdisposablecallsiteindexjs"></a>
<div class="addfile"><h4>Added: branches/safari-607-branch/JSTests/stress/disposable-call-site-index.js (0 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/JSTests/stress/disposable-call-site-index.js                          (rev 0)
+++ branches/safari-607-branch/JSTests/stress/disposable-call-site-index.js     2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -0,0 +1,28 @@
</span><ins>+//@ runDefault("--useConcurrentJIT=0", "--useConcurrentGC=0", "--thresholdForJITAfterWarmUp=10", "--thresholdForOptimizeAfterWarmUp=100", "--thresholdForOptimizeAfterLongWarmUp=100", "--thresholdForOptimizeAfterLongWarmUp=100")
+
+var ia = new Int8Array(1024);
+
+function foo(o) {
+    return o.f;
+}
+
+function bar(o) {
+
+    try {
+        o.f = 0x1;
+        Uint8Array.prototype.find.call(ia, function () {
+            o.f = 0x1;
+        });
+    } catch (e) {
+    }
+
+    foo(o);
+}
+
+var o = new Object();
+o.__defineGetter__("f", function () { });
+
+for (var i = 0; i < 1000; ++i) {
+    bar({});
+    bar(o);
+}
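Review bot: the `//@ runDefault(...)` directive lists `--thresholdForOptimizeAfterLongWarmUp=100` twice; drop the duplicate. As with its sibling test, a header comment naming the path under test (presumably repeated regeneration of the inline cache in a function that has an exception handler, alternating `{}` with an object whose `f` is getter-only, so exception-handling call site indices are allocated and disposed many times) would make a future regression easier to interpret.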
</ins></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/ChangeLog (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/ChangeLog       2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/ChangeLog  2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -1,3 +1,108 @@
</span><ins>+2019-06-24  Kocsen Chung  <kocsen_chung@apple.com>
+
+        Cherry-pick r246505. rdar://problem/51927642
+
+    [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
+    https://bugs.webkit.org/show_bug.cgi?id=197378
+    
+    Reviewed by Saam Barati.
+    
+    JSTests:
+    
+    * stress/disposable-call-site-index-with-call-and-this.js: Added.
+    (foo):
+    (bar):
+    * stress/disposable-call-site-index.js: Added.
+    (foo):
+    (bar):
+    
+    Source/JavaScriptCore:
+    
+    Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
+    The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
+    we will create a new CallSiteIndex continuously and leak memory.
+    
+    The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
+    But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
+    at runtime.
+    
+    To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
+    enforce type-safety to some degree.
+    
+    We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.
+    
+    * bytecode/CodeBlock.cpp:
+    (JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
+    (JSC::CodeBlock::removeExceptionHandlerForCallSite):
+    * bytecode/CodeBlock.h:
+    * bytecode/PolymorphicAccess.cpp:
+    (JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
+    (JSC::PolymorphicAccess::regenerate):
+    * bytecode/PolymorphicAccess.h:
+    (JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.
+    * dfg/DFGCommonData.cpp:
+    (JSC::DFG::CommonData::addUniqueCallSiteIndex):
+    (JSC::DFG::CommonData::addDisposableCallSiteIndex):
+    (JSC::DFG::CommonData::removeDisposableCallSiteIndex):
+    (JSC::DFG::CommonData::removeCallSiteIndex): Deleted.
+    * dfg/DFGCommonData.h:
+    * interpreter/CallFrame.h:
+    (JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
+    (JSC::DisposableCallSiteIndex::fromCallSiteIndex):
+    * jit/GCAwareJITStubRoutine.cpp:
+    (JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
+    (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
+    (JSC::createJITStubRoutine):
+    * jit/GCAwareJITStubRoutine.h:
+    * jit/JITInlineCacheGenerator.h:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246505 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-06-17  Yusuke Suzuki  <ysuzuki@apple.com>
+
+            [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
+            https://bugs.webkit.org/show_bug.cgi?id=197378
+
+            Reviewed by Saam Barati.
+
+            Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
+            The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
+            we will create a new CallSiteIndex continuously and leak memory.
+
+            The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
+            But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
+            at runtime.
+
+            To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
+            enforce type-safety to some degree.
+
+            We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.
+
+            * bytecode/CodeBlock.cpp:
+            (JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
+            (JSC::CodeBlock::removeExceptionHandlerForCallSite):
+            * bytecode/CodeBlock.h:
+            * bytecode/PolymorphicAccess.cpp:
+            (JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
+            (JSC::PolymorphicAccess::regenerate):
+            * bytecode/PolymorphicAccess.h:
+            (JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.
+            * dfg/DFGCommonData.cpp:
+            (JSC::DFG::CommonData::addUniqueCallSiteIndex):
+            (JSC::DFG::CommonData::addDisposableCallSiteIndex):
+            (JSC::DFG::CommonData::removeDisposableCallSiteIndex):
+            (JSC::DFG::CommonData::removeCallSiteIndex): Deleted.
+            * dfg/DFGCommonData.h:
+            * interpreter/CallFrame.h:
+            (JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
+            (JSC::DisposableCallSiteIndex::fromCallSiteIndex):
+            * jit/GCAwareJITStubRoutine.cpp:
+            (JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
+            (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
+            (JSC::createJITStubRoutine):
+            * jit/GCAwareJITStubRoutine.h:
+            * jit/JITInlineCacheGenerator.h:
+
</ins><span class="cx"> 2019-06-13  Kocsen Chung  <kocsen_chung@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Apply patch. rdar://problem/51656841
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp  2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.cpp     2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -1641,7 +1641,7 @@
</span><span class="cx">     return HandlerInfo::handlerForIndex(m_rareData->m_exceptionHandlers, index, requiredHandler);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-CallSiteIndex CodeBlock::newExceptionHandlingCallSiteIndex(CallSiteIndex originalCallSite)
</del><ins>+DisposableCallSiteIndex CodeBlock::newExceptionHandlingCallSiteIndex(CallSiteIndex originalCallSite)
</ins><span class="cx"> {
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">     RELEASE_ASSERT(JITCode::isOptimizingJIT(jitType()));
</span><span class="lines">@@ -1648,13 +1648,13 @@
</span><span class="cx">     RELEASE_ASSERT(canGetCodeOrigin(originalCallSite));
</span><span class="cx">     ASSERT(!!handlerForIndex(originalCallSite.bits()));
</span><span class="cx">     CodeOrigin originalOrigin = codeOrigin(originalCallSite);
</span><del>-    return m_jitCode->dfgCommon()->addUniqueCallSiteIndex(originalOrigin);
</del><ins>+    return m_jitCode->dfgCommon()->addDisposableCallSiteIndex(originalOrigin);
</ins><span class="cx"> #else
</span><span class="cx">     // We never create new on-the-fly exception handling
</span><span class="cx">     // call sites outside the DFG/FTL inline caches.
</span><span class="cx">     UNUSED_PARAM(originalCallSite);
</span><span class="cx">     RELEASE_ASSERT_NOT_REACHED();
</span><del>-    return CallSiteIndex(0u);
</del><ins>+    return DisposableCallSiteIndex(0u);
</ins><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx"> 
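Review bot: the allocation side of the disposable index is now typed, but nothing at this return says who is responsible for handing it back through CommonData::removeDisposableCallSiteIndex; the ChangeLog places that in GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount, which is not part of this diff. A one-line comment above `return m_jitCode->dfgCommon()->addDisposableCallSiteIndex(originalOrigin);` naming the owner that frees it would make the unique/disposable split readable at the point where the index is minted. The #else branch is fine as written: RELEASE_ASSERT_NOT_REACHED() runs before the DisposableCallSiteIndex(0u) placeholder, so that value is never observed.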
</span><span class="lines">@@ -1721,7 +1721,7 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void CodeBlock::removeExceptionHandlerForCallSite(CallSiteIndex callSiteIndex)
</del><ins>+void CodeBlock::removeExceptionHandlerForCallSite(DisposableCallSiteIndex callSiteIndex)
</ins><span class="cx"> {
</span><span class="cx">     RELEASE_ASSERT(m_rareData);
</span><span class="cx">     Vector<HandlerInfo>& exceptionHandlers = m_rareData->m_exceptionHandlers;
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.h (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.h    2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/bytecode/CodeBlock.h       2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -237,7 +237,7 @@
</span><span class="cx"> 
</span><span class="cx">     HandlerInfo* handlerForBytecodeOffset(unsigned bytecodeOffset, RequiredHandler = RequiredHandler::AnyHandler);
</span><span class="cx">     HandlerInfo* handlerForIndex(unsigned, RequiredHandler = RequiredHandler::AnyHandler);
</span><del>-    void removeExceptionHandlerForCallSite(CallSiteIndex);
</del><ins>+    void removeExceptionHandlerForCallSite(DisposableCallSiteIndex);
</ins><span class="cx">     unsigned lineNumberForBytecodeOffset(unsigned bytecodeOffset);
</span><span class="cx">     unsigned columnNumberForBytecodeOffset(unsigned bytecodeOffset);
</span><span class="cx">     void expressionRangeForBytecodeOffset(unsigned bytecodeOffset, int& divot,
</span><span class="lines">@@ -843,7 +843,7 @@
</span><span class="cx">         m_rareData->m_exceptionHandlers.append(handler);
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    CallSiteIndex newExceptionHandlingCallSiteIndex(CallSiteIndex originalCallSite);
</del><ins>+    DisposableCallSiteIndex newExceptionHandlingCallSiteIndex(CallSiteIndex originalCallSite);
</ins><span class="cx"> 
</span><span class="cx">     void ensureCatchLivenessIsComputedForBytecodeOffset(InstructionStream::Offset bytecodeOffset);
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCorebytecodePolymorphicAccesscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp  2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp     2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -163,6 +163,14 @@
</span><span class="cx">     return m_callSiteIndex;
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+DisposableCallSiteIndex AccessGenerationState::callSiteIndexForExceptionHandling()
+{
+    RELEASE_ASSERT(m_calculatedRegistersForCallAndExceptionHandling);
+    RELEASE_ASSERT(m_needsToRestoreRegistersIfException);
+    RELEASE_ASSERT(m_calculatedCallSiteIndex);
+    return DisposableCallSiteIndex::fromCallSiteIndex(m_callSiteIndex);
+}
+
</ins><span class="cx"> const HandlerInfo& AccessGenerationState::originalExceptionHandler()
</span><span class="cx"> {
</span><span class="cx">     if (!m_calculatedRegistersForCallAndExceptionHandling)
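Review bot: DisposableCallSiteIndex::fromCallSiteIndex() at the end of the new out-of-line body is an unchecked conversion that bypasses exactly the type distinction this patch introduces, so the three RELEASE_ASSERTs above it are the whole justification for it. Worth a comment stating which of them carries the argument: m_needsToRestoreRegistersIfException is what separates this accessor from callSiteIndexForExceptionHandlingOrOriginal(), i.e. it is the condition under which m_callSiteIndex holds a freshly allocated exception-handling index rather than the original call site, and only in that case is treating it as disposable correct.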
</span><span class="lines">@@ -535,7 +543,7 @@
</span><span class="cx">     failure.append(jit.jump());
</span><span class="cx"> 
</span><span class="cx">     CodeBlock* codeBlockThatOwnsExceptionHandlers = nullptr;
</span><del>-    CallSiteIndex callSiteIndexForExceptionHandling;
</del><ins>+    DisposableCallSiteIndex callSiteIndexForExceptionHandling;
</ins><span class="cx">     if (state.needsToRestoreRegistersIfException() && hasJSGetterSetterCall) {
</span><span class="cx">         // Emit the exception handler.
</span><span class="cx">         // Note that this code is only reachable when doing genericUnwind from a pure JS getter/setter .
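Review bot: `DisposableCallSiteIndex callSiteIndexForExceptionHandling;` is default-constructed and only assigned inside the `if (state.needsToRestoreRegistersIfException() && hasJSGetterSetterCall)` branch, so whatever consumes it on the other path sees the default value. The DisposableCallSiteIndex constructor is not visible on this changeset page (the CallFrame.h hunk is cut off), so please confirm that a default-constructed value is a recognizable invalid index and that the consumer gates on `codeBlockThatOwnsExceptionHandlers` being non-null rather than on the index itself; a comment next to the declaration saying which of the two is the guard would settle it.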
</span><span class="lines">@@ -557,7 +565,7 @@
</span><span class="cx">         CCallHelpers::Jump jumpToOSRExitExceptionHandler = jit.jump();
</span><span class="cx"> 
</span><span class="cx">         HandlerInfo oldHandler = state.originalExceptionHandler();
</span><del>-        CallSiteIndex newExceptionHandlingCallSite = state.callSiteIndexForExceptionHandling();
</del><ins>+        DisposableCallSiteIndex newExceptionHandlingCallSite = state.callSiteIndexForExceptionHandling();
</ins><span class="cx">         jit.addLinkTask(
</span><span class="cx">             [=] (LinkBuffer& linkBuffer) {
</span><span class="cx">                 linkBuffer.link(jumpToOSRExitExceptionHandler, oldHandler.nativeCode);
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCorebytecodePolymorphicAccessh"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.h (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.h    2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/bytecode/PolymorphicAccess.h       2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -241,13 +241,7 @@
</span><span class="cx">     const RegisterSet& liveRegistersForCall();
</span><span class="cx"> 
</span><span class="cx">     CallSiteIndex callSiteIndexForExceptionHandlingOrOriginal();
</span><del>-    CallSiteIndex callSiteIndexForExceptionHandling()
-    {
-        RELEASE_ASSERT(m_calculatedRegistersForCallAndExceptionHandling);
-        RELEASE_ASSERT(m_needsToRestoreRegistersIfException);
-        RELEASE_ASSERT(m_calculatedCallSiteIndex);
-        return m_callSiteIndex;
-    }
</del><ins>+    DisposableCallSiteIndex callSiteIndexForExceptionHandling();
</ins><span class="cx"> 
</span><span class="cx">     const HandlerInfo& originalExceptionHandler();
</span><span class="cx"> 
</span><span class="lines">@@ -271,7 +265,7 @@
</span><span class="cx">     
</span><span class="cx">     RegisterSet m_liveRegistersToPreserveAtExceptionHandlingCallSite;
</span><span class="cx">     RegisterSet m_liveRegistersForCall;
</span><del>-    CallSiteIndex m_callSiteIndex { CallSiteIndex(std::numeric_limits<unsigned>::max()) };
</del><ins>+    CallSiteIndex m_callSiteIndex;
</ins><span class="cx">     SpillState m_spillStateForJSGetterSetter;
</span><span class="cx">     bool m_calculatedRegistersForCallAndExceptionHandling : 1;
</span><span class="cx">     bool m_needsToRestoreRegistersIfException : 1;
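Review bot: dropping the `{ CallSiteIndex(std::numeric_limits<unsigned>::max()) }` initializer from m_callSiteIndex changes what a never-calculated state holds; whether it is now a sentinel or an indeterminate value depends on CallSiteIndex's default constructor, which this page does not show (the CallFrame.h hunk is truncated). If that constructor does not initialize its member, the RELEASE_ASSERT(m_calculatedCallSiteIndex) checks in callSiteIndexForExceptionHandling() are the only thing standing between an uninitialized read and its callers; either keep the explicit sentinel or note in a comment that the default constructor provides one.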
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCoredfgDFGCommonDatacpp"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.cpp (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.cpp   2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.cpp      2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -61,9 +61,6 @@
</span><span class="cx"> 
</span><span class="cx"> CallSiteIndex CommonData::addUniqueCallSiteIndex(CodeOrigin codeOrigin)
</span><span class="cx"> {
</span><del>-    if (callSiteIndexFreeList.size())
-        return CallSiteIndex(callSiteIndexFreeList.takeAny());
-
</del><span class="cx">     codeOrigins.append(codeOrigin);
</span><span class="cx">     unsigned index = codeOrigins.size() - 1;
</span><span class="cx">     ASSERT(codeOrigins[index] == codeOrigin);
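Review bot: removing the free-list path from addUniqueCallSiteIndex is the substantive fix in this file, not just a rename: the deleted lines returned a recycled slot without touching codeOrigins[index], so a "unique" call site could silently inherit the CodeOrigin left behind by whichever disposable index freed it. Since the free list still lives in the same CommonData, a short comment on this function stating that unique indices are append-only and never recycled would stop someone from reintroducing the shortcut.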
</span><span class="lines">@@ -76,10 +73,26 @@
</span><span class="cx">     return CallSiteIndex(codeOrigins.size() - 1);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void CommonData::removeCallSiteIndex(CallSiteIndex callSite)
</del><ins>+DisposableCallSiteIndex CommonData::addDisposableCallSiteIndex(CodeOrigin codeOrigin)
</ins><span class="cx"> {
</span><ins>+    if (callSiteIndexFreeList.size()) {
+        unsigned index = callSiteIndexFreeList.takeAny();
+        codeOrigins[index] = codeOrigin;
+        return DisposableCallSiteIndex(index);
+    }
+
+    codeOrigins.append(codeOrigin);
+    unsigned index = codeOrigins.size() - 1;
+    ASSERT(codeOrigins[index] == codeOrigin);
+    return DisposableCallSiteIndex(index);
+}
+
+
+void CommonData::removeDisposableCallSiteIndex(DisposableCallSiteIndex callSite)
+{
</ins><span class="cx">     RELEASE_ASSERT(callSite.bits() < codeOrigins.size());
</span><span class="cx">     callSiteIndexFreeList.add(callSite.bits());
</span><ins>+    codeOrigins[callSite.bits()] = CodeOrigin();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void CommonData::shrinkToFit()
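Review bot: removeDisposableCallSiteIndex bounds-checks the index with RELEASE_ASSERT but does not check that the slot is not already on the free list, so a double dispose (or disposing an index that came from addUniqueCallSiteIndex via fromCallSiteIndex) would silently re-add the index and let addDisposableCallSiteIndex hand the same slot to two live stubs. If callSiteIndexFreeList is a HashSet, as takeAny() suggests, an `ASSERT(!callSiteIndexFreeList.contains(callSite.bits()));` before the `add` would catch this in debug builds. Style: the two consecutive blank lines between addDisposableCallSiteIndex and removeDisposableCallSiteIndex should be one.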
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCoredfgDFGCommonDatah"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.h (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.h     2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/dfg/DFGCommonData.h        2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -83,7 +83,9 @@
</span><span class="cx">     CallSiteIndex addCodeOrigin(CodeOrigin);
</span><span class="cx">     CallSiteIndex addUniqueCallSiteIndex(CodeOrigin);
</span><span class="cx">     CallSiteIndex lastCallSite() const;
</span><del>-    void removeCallSiteIndex(CallSiteIndex);
</del><ins>+
+    DisposableCallSiteIndex addDisposableCallSiteIndex(CodeOrigin);
+    void removeDisposableCallSiteIndex(DisposableCallSiteIndex);
</ins><span class="cx">     
</span><span class="cx">     void shrinkToFit();
</span><span class="cx">     
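Review bot: The header now exposes two allocation paths with no comment on which one a caller should use: addCodeOrigin and addUniqueCallSiteIndex still return a plain CallSiteIndex, and only a DisposableCallSiteIndex can be passed to removeDisposableCallSiteIndex, which is the point of the split. Suggest a one-line comment on each pair stating that unique indices live as long as the CodeBlock and are never recycled, while disposable ones return their slot to callSiteIndexFreeList on removal.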
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCoreinterpreterCallFrameh"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/interpreter/CallFrame.h (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/interpreter/CallFrame.h 2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/interpreter/CallFrame.h    2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -43,11 +43,9 @@
</span><span class="cx"> 
</span><span class="cx">     typedef ExecState CallFrame;
</span><span class="cx"> 
</span><del>-    struct CallSiteIndex {
-        CallSiteIndex()
-            : m_bits(UINT_MAX)
-        {
-        }
</del><ins>+    class CallSiteIndex {
+    public:
+        CallSiteIndex() = default;
</ins><span class="cx">         
</span><span class="cx">         explicit CallSiteIndex(uint32_t bits)
</span><span class="cx">             : m_bits(bits)
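Review bot: Changing `struct CallSiteIndex` to `class CallSiteIndex` means every forward declaration has to switch as well; JITInlineCacheGenerator.h is updated later in this patch, but any other `struct CallSiteIndex;` left in the tree will produce -Wmismatched-tags warnings under clang and C4099 under MSVC. Worth a grep for the old declaration before landing.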
</span><span class="lines">@@ -64,9 +62,24 @@
</span><span class="cx">         inline uint32_t bits() const { return m_bits; }
</span><span class="cx"> 
</span><span class="cx">     private:
</span><del>-        uint32_t m_bits;
</del><ins>+        uint32_t m_bits { UINT_MAX };
</ins><span class="cx">     };
</span><span class="cx"> 
</span><ins>+    class DisposableCallSiteIndex : public CallSiteIndex {
+    public:
+        DisposableCallSiteIndex() = default;
+
+        explicit DisposableCallSiteIndex(uint32_t bits)
+            : CallSiteIndex(bits)
+        {
+        }
+
+        static DisposableCallSiteIndex fromCallSiteIndex(CallSiteIndex callSiteIndex)
+        {
+            return DisposableCallSiteIndex(callSiteIndex.bits());
+        }
+    };
+
</ins><span class="cx">     // arm64_32 expects caller frame and return pc to use 8 bytes 
</span><span class="cx">     struct CallerFrameAndPC {
</span><span class="cx">         alignas(CPURegister) CallFrame* callerFrame;
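Review bot: `fromCallSiteIndex` reintroduces exactly the conversion the new type exists to forbid: it turns any plain CallSiteIndex, including one returned by addUniqueCallSiteIndex, into a DisposableCallSiteIndex that removeDisposableCallSiteIndex will accept and put on the free list. No caller in this patch uses it; suggest either dropping it until a caller needs it or adding a comment naming the one legitimate use, so misuse is visible at the call site. The implicit upcast in the other direction (DisposableCallSiteIndex to CallSiteIndex through public inheritance) is fine and is what lets removeExceptionHandlerForCallSite in GCAwareJITStubRoutine.cpp keep taking a CallSiteIndex.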
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCorejitGCAwareJITStubRoutinecpp"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp   2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp      2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -102,7 +102,7 @@
</span><span class="cx"> 
</span><span class="cx"> GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler(
</span><span class="cx">     const MacroAssemblerCodeRef<JITStubRoutinePtrTag>& code, VM& vm,  const JSCell* owner, const Vector<JSCell*>& cells,
</span><del>-    CodeBlock* codeBlockForExceptionHandlers, CallSiteIndex exceptionHandlerCallSiteIndex)
</del><ins>+    CodeBlock* codeBlockForExceptionHandlers, DisposableCallSiteIndex exceptionHandlerCallSiteIndex)
</ins><span class="cx">     : MarkingGCAwareJITStubRoutine(code, vm, owner, cells)
</span><span class="cx">     , m_codeBlockWithExceptionHandler(codeBlockForExceptionHandlers)
</span><span class="cx">     , m_exceptionHandlerCallSiteIndex(exceptionHandlerCallSiteIndex)
</span><span class="lines">@@ -120,7 +120,7 @@
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">     if (m_codeBlockWithExceptionHandler) {
</span><del>-        m_codeBlockWithExceptionHandler->jitCode()->dfgCommon()->removeCallSiteIndex(m_exceptionHandlerCallSiteIndex);
</del><ins>+        m_codeBlockWithExceptionHandler->jitCode()->dfgCommon()->removeDisposableCallSiteIndex(m_exceptionHandlerCallSiteIndex);
</ins><span class="cx">         m_codeBlockWithExceptionHandler->removeExceptionHandlerForCallSite(m_exceptionHandlerCallSiteIndex);
</span><span class="cx">         m_codeBlockWithExceptionHandler = nullptr;
</span><span class="cx">     }
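Review bot: The order of the two calls matters: removeDisposableCallSiteIndex returns the slot to the free list and clears its CodeOrigin before removeExceptionHandlerForCallSite runs, so if the latter ever allocated a call site through addDisposableCallSiteIndex the just-freed index could be reused while its handler entry is still registered. Nothing between the two calls allocates today, but removing the exception handler first and freeing the index second makes the invariant hold by construction.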
</span><span class="lines">@@ -137,7 +137,7 @@
</span><span class="cx">     bool makesCalls,
</span><span class="cx">     const Vector<JSCell*>& cells,
</span><span class="cx">     CodeBlock* codeBlockForExceptionHandlers,
</span><del>-    CallSiteIndex exceptionHandlerCallSiteIndex)
</del><ins>+    DisposableCallSiteIndex exceptionHandlerCallSiteIndex)
</ins><span class="cx"> {
</span><span class="cx">     if (!makesCalls)
</span><span class="cx">         return adoptRef(*new JITStubRoutine(code));
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCorejitGCAwareJITStubRoutineh"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h     2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h        2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -89,12 +89,12 @@
</span><span class="cx"> 
</span><span class="cx"> // The stub has exception handlers in it. So it clears itself from exception
</span><span class="cx"> // handling table when it dies. It also frees space in CodeOrigin table
</span><del>-// for new exception handlers to use the same CallSiteIndex.
</del><ins>+// for new exception handlers to use the same DisposableCallSiteIndex.
</ins><span class="cx"> class GCAwareJITStubRoutineWithExceptionHandler : public MarkingGCAwareJITStubRoutine {
</span><span class="cx"> public:
</span><span class="cx">     typedef GCAwareJITStubRoutine Base;
</span><span class="cx"> 
</span><del>-    GCAwareJITStubRoutineWithExceptionHandler(const MacroAssemblerCodeRef<JITStubRoutinePtrTag>&, VM&, const JSCell* owner, const Vector<JSCell*>&, CodeBlock*, CallSiteIndex);
</del><ins>+    GCAwareJITStubRoutineWithExceptionHandler(const MacroAssemblerCodeRef<JITStubRoutinePtrTag>&, VM&, const JSCell* owner, const Vector<JSCell*>&, CodeBlock*, DisposableCallSiteIndex);
</ins><span class="cx"> 
</span><span class="cx">     void aboutToDie() override;
</span><span class="cx">     void observeZeroRefCount() override;
</span><span class="lines">@@ -101,7 +101,7 @@
</span><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     CodeBlock* m_codeBlockWithExceptionHandler;
</span><del>-    CallSiteIndex m_exceptionHandlerCallSiteIndex;
</del><ins>+    DisposableCallSiteIndex m_exceptionHandlerCallSiteIndex;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> // Helper for easily creating a GC-aware JIT stub routine. For the varargs,
</span><span class="lines">@@ -126,7 +126,7 @@
</span><span class="cx"> Ref<JITStubRoutine> createJITStubRoutine(
</span><span class="cx">     const MacroAssemblerCodeRef<JITStubRoutinePtrTag>&, VM&, const JSCell* owner, bool makesCalls,
</span><span class="cx">     const Vector<JSCell*>& = { }, 
</span><del>-    CodeBlock* codeBlockForExceptionHandlers = nullptr, CallSiteIndex exceptionHandlingCallSiteIndex = CallSiteIndex(std::numeric_limits<unsigned>::max()));
</del><ins>+    CodeBlock* codeBlockForExceptionHandlers = nullptr, DisposableCallSiteIndex exceptionHandlingCallSiteIndex = DisposableCallSiteIndex());
</ins><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span><span class="cx"> 
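Review bot: The default argument changes from an explicit `CallSiteIndex(std::numeric_limits<unsigned>::max())` to `DisposableCallSiteIndex()`, which is equivalent only because CallFrame.h now gives m_bits the default member initializer `UINT_MAX`. That coupling is silent; a short comment on the default ("invalid index, only meaningful when codeBlockForExceptionHandlers is non-null") would make it explicit. The RELEASE_ASSERT in removeDisposableCallSiteIndex is what would catch a default-constructed index reaching the remove path, and aboutToDie only calls it when m_codeBlockWithExceptionHandler is set, so the behaviour is unchanged.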
</span></span></pre></div>
<a id="branchessafari607branchSourceJavaScriptCorejitJITInlineCacheGeneratorh"></a>
<div class="modfile"><h4>Modified: branches/safari-607-branch/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h (246744 => 246745)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-607-branch/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h   2019-06-24 18:49:09 UTC (rev 246744)
+++ branches/safari-607-branch/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h      2019-06-24 18:52:38 UTC (rev 246745)
</span><span class="lines">@@ -35,11 +35,10 @@
</span><span class="cx"> 
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><ins>+class CallSiteIndex;
</ins><span class="cx"> class CodeBlock;
</span><span class="cx"> class StructureStubInfo;
</span><span class="cx"> 
</span><del>-struct CallSiteIndex;
-
</del><span class="cx"> enum class AccessType : int8_t;
</span><span class="cx"> 
</span><span class="cx"> class JITInlineCacheGenerator {
</span></span></pre>
</div>
</div>

</body>
</html>