<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[248237] releases/WebKitGTK/webkit-2.24</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/248237">248237</a></dd>
<dt>Author</dt> <dd>mcatanzaro@igalia.com</dd>
<dt>Date</dt> <dd>2019-08-03 20:23:25 -0700 (Sat, 03 Aug 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/246505">r246505</a> - [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
https://bugs.webkit.org/show_bug.cgi?id=197378

Reviewed by Saam Barati.

JSTests:

* stress/disposable-call-site-index-with-call-and-this.js: Added.
(foo):
(bar):
* stress/disposable-call-site-index.js: Added.
(foo):
(bar):

Source/JavaScriptCore:

Some CallSiteIndex are disposable, because some CallSiteIndex are allocated and freed at runtime (not at DFG/FTL compile time).
The example is the CallSiteIndex for the exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free the CallSiteIndex,
we will create a new CallSiteIndex continuously and leak memory.

The other CallSiteIndex are not simply disposable because the ownership model is not a unique one: they can be shared between multiple clients.
But not disposing them is OK because they are static ones: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
at runtime.

To make this difference explicit and avoid disposing a non-disposable CallSiteIndex accidentally, we introduce the DisposableCallSiteIndex type and
enforce type-safety to some degree.

We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
(JSC::CodeBlock::removeExceptionHandlerForCallSite):
* bytecode/CodeBlock.h:
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
(JSC::PolymorphicAccess::regenerate):
* bytecode/PolymorphicAccess.h:
(JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.
* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::addUniqueCallSiteIndex):
(JSC::DFG::CommonData::addDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeCallSiteIndex): Deleted.
* dfg/DFGCommonData.h:
* interpreter/CallFrame.h:
(JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
(JSC::DisposableCallSiteIndex::fromCallSiteIndex):
* jit/GCAwareJITStubRoutine.cpp:
(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
(JSC::createJITStubRoutine):
* jit/GCAwareJITStubRoutine.h:
* jit/JITInlineCacheGenerator.h:</pre>
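The pattern the log message describes, as an added illustration that is not JavaScriptCore's code: a distinct wrapper type for runtime-allocated indices so that only those can be handed to the free routine, plus a free list that refreshes the index => CodeOrigin entry on reuse. The CodeOrigin shape, the class layout and the method names are assumptions modelled on the ChangeLog entry, not the real JSC types.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
// Stand-in for JSC's CodeOrigin: which bytecode site an index maps back to (assumed shape).
struct CodeOrigin { uint32_t bytecodeIndex; };

// Plain CallSiteIndex: allocated at DFG/FTL compile time, possibly shared, never freed.
struct CallSiteIndex { uint32_t bits; };
// Distinct type for indices allocated and freed at runtime. The free routine accepts only
// this type, so passing a shared CallSiteIndex to it is a compile error, not a runtime bug.
struct DisposableCallSiteIndex {
    uint32_t bits;
    static DisposableCallSiteIndex fromCallSiteIndex(CallSiteIndex i) { return { i.bits }; }
};

class CommonData {
public:
    CallSiteIndex addUniqueCallSiteIndex(CodeOrigin origin) {
        codeOrigins.push_back(origin);
        return { static_cast<uint32_t>(codeOrigins.size() - 1) };
    }
    DisposableCallSiteIndex addDisposableCallSiteIndex(CodeOrigin origin) {
        if (!freeList.empty()) {
            uint32_t bits = freeList.back();
            freeList.pop_back();
            codeOrigins[bits] = origin; // reuse: refresh the index => CodeOrigin entry
            return { bits };
        }
        codeOrigins.push_back(origin);
        return { static_cast<uint32_t>(codeOrigins.size() - 1) };
    }
    void removeDisposableCallSiteIndex(DisposableCallSiteIndex i) { freeList.push_back(i.bits); }
    CodeOrigin codeOriginFor(CallSiteIndex i) const { return codeOrigins[i.bits]; }
    CodeOrigin codeOriginFor(DisposableCallSiteIndex i) const { return codeOrigins[i.bits]; }
    std::size_t tableSize() const { return codeOrigins.size(); }
private:
    std::vector<CodeOrigin> codeOrigins;
    std::vector<uint32_t> freeList;
};

// Allocate and free an exception-handler index `rounds` times, as a stub routine would.
// With disposal the table stays bounded and the reused slot reports the latest CodeOrigin.
std::size_t churnDisposableIndices(CommonData& data, unsigned rounds, uint32_t& lastOrigin) {
    for (unsigned i = 0; i < rounds; ++i) {
        DisposableCallSiteIndex idx = data.addDisposableCallSiteIndex({ 100 + i });
        lastOrigin = data.codeOriginFor(idx).bytecodeIndex;
        data.removeDisposableCallSiteIndex(idx);
    }
    return data.tableSize();
}
```

Without the free list every round would append a new slot, which is the leak the change fixes; without the `codeOrigins[bits] = origin` refresh a reused slot would still map to the previous handler's origin.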

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit224JSTestsChangeLog">releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit224JSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog (248236 => 248237)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog 2019-08-04 03:23:23 UTC (rev 248236)
+++ releases/WebKitGTK/webkit-2.24/JSTests/ChangeLog    2019-08-04 03:23:25 UTC (rev 248237)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2019-06-17  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
+        https://bugs.webkit.org/show_bug.cgi?id=197378
+
+        Reviewed by Saam Barati.
+
+        * stress/disposable-call-site-index-with-call-and-this.js: Added.
+        (foo):
+        (bar):
+        * stress/disposable-call-site-index.js: Added.
+        (foo):
+        (bar):
+
</ins><span class="cx"> 2019-06-12  Yusuke Suzuki  <ysuzuki@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [JSC] Polymorphic call stub's slow path should restore callee saves before performing tail call
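Review bot: the entry records stress/disposable-call-site-index-with-call-and-this.js and stress/disposable-call-site-index.js as Added, but this revision's Modified Paths list only the two ChangeLog files and the changeset shows no Added Paths; confirm the two test files landed on the releases/WebKitGTK/webkit-2.24 branch in a companion revision and reference it here, otherwise the ChangeLog describes tests the branch does not carry.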
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog (248236 => 248237)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog   2019-08-04 03:23:23 UTC (rev 248236)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog      2019-08-04 03:23:25 UTC (rev 248237)
</span><span class="lines">@@ -1,3 +1,48 @@
</span><ins>+2019-06-17  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
+        https://bugs.webkit.org/show_bug.cgi?id=197378
+
+        Reviewed by Saam Barati.
+
+        Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
+        The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
+        we will create a new CallSiteIndex continuously and leak memory.
+
+        The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
+        But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
+        at runtime.
+
+        To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
+        enforce type-safety to some degree.
+
+        We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
+        (JSC::CodeBlock::removeExceptionHandlerForCallSite):
+        * bytecode/CodeBlock.h:
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
+        (JSC::PolymorphicAccess::regenerate):
+        * bytecode/PolymorphicAccess.h:
+        (JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.
+        * dfg/DFGCommonData.cpp:
+        (JSC::DFG::CommonData::addUniqueCallSiteIndex):
+        (JSC::DFG::CommonData::addDisposableCallSiteIndex):
+        (JSC::DFG::CommonData::removeDisposableCallSiteIndex):
+        (JSC::DFG::CommonData::removeCallSiteIndex): Deleted.
+        * dfg/DFGCommonData.h:
+        * interpreter/CallFrame.h:
+        (JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
+        (JSC::DisposableCallSiteIndex::fromCallSiteIndex):
+        * jit/GCAwareJITStubRoutine.cpp:
+        (JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
+        (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
+        (JSC::createJITStubRoutine):
+        * jit/GCAwareJITStubRoutine.h:
+        * jit/JITInlineCacheGenerator.h:
+
</ins><span class="cx"> 2019-06-12  Yusuke Suzuki  <ysuzuki@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [JSC] Polymorphic call stub's slow path should restore callee saves before performing tail call
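Review bot: the entry lists source changes (bytecode/CodeBlock.cpp, bytecode/PolymorphicAccess.cpp, dfg/DFGCommonData.cpp, interpreter/CallFrame.h, jit/GCAwareJITStubRoutine.cpp and headers) yet this changeset touches only ChangeLog files; if the code part of the r246505 merge landed in a separate revision, link that revision in the log message so the ChangeLog entry and the branch history can be reconciled, and if it has not landed, this entry should not be merged ahead of it.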
</span></span></pre>
</div>
</div>

</body>
</html>