<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[266359] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/266359">266359</a></dd>
<dt>Author</dt> <dd>ysuzuki@apple.com</dd>
<dt>Date</dt> <dd>2020-08-31 10:43:02 -0700 (Mon, 31 Aug 2020)</dd>
</dl>

<h3>Log Message</h3>
<pre>[JSC] StructureStubInfo / CallLinkInfo / ByValInfo should set CodeOrigin or BytecodeIndex at construction
https://bugs.webkit.org/show_bug.cgi?id=215987
<rdar://problem/66370323>

Reviewed by Mark Lam.

We had a race condition between the construction of StructureStubInfo and the setting of its CodeOrigin field.

    1. The thread creates a StructureStubInfo by calling CodeBlock::addStubInfo. This is guarded by the lock. But at this point we are not setting StructureStubInfo::codeOrigin.
    2. Then (1)'s thread attempts to set StructureStubInfo::codeOrigin. But at this point, it is not guarded by the lock.
    3. Before (2) is executed, the DFG ByteCodeParser calls CodeBlock::getICStatusMap. It creates HashMap<CodeOrigin, StructureStubInfo*>.
    4. Since the StructureStubInfo's codeOrigin is not configured yet, (3) sees an invalid CodeOrigin. And storing an invalid CodeOrigin as a HashMap key is not correct.

We should configure CodeOrigin at construction of StructureStubInfo, which is guarded by the lock. We have the same problem for CallLinkInfo and ByValInfo. This patch fixes them.
To reproduce this, we need to execute a script repeatedly for 2~ days. So it is difficult to add a test.

* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/ByValInfo.h:
(JSC::ByValInfo::ByValInfo):
(JSC::ByValInfo::setUp):
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::CallLinkInfo):
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::setUpCall):
(JSC::CallLinkInfo::setCodeOrigin): Deleted.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::addStubInfo):
(JSC::CodeBlock::addByValInfo):
(JSC::CodeBlock::addCallLinkInfo):
* bytecode/CodeBlock.h:
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::StructureStubInfo):
* bytecode/StructureStubInfo.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileDirectCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
* jit/JIT.cpp:
(JSC::JIT::link):
* jit/JITCall.cpp:
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
* jit/JITInlineCacheGenerator.cpp:
(JSC::garbageStubInfo):
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_has_indexed_property):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_has_indexed_property):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_val):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeAccessCasecpp">trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeByValInfoh">trunk/Source/JavaScriptCore/bytecode/ByValInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCallLinkInfocpp">trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCallLinkInfoh">trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockh">trunk/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeStructureStubInfocpp">trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeStructureStubInfoh">trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITcpp">trunk/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCallcpp">trunk/Source/JavaScriptCore/jit/JITCall.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITCall32_64cpp">trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlineCacheGeneratorcpp">trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodescpp">trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOpcodes32_64cpp">trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccesscpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWasmToJScpp">trunk/Source/JavaScriptCore/wasm/js/WasmToJS.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog    2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/ChangeLog       2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -1,3 +1,72 @@
</span><ins>+2020-08-31  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] StructureStubInfo / CallLinkInfo / ByValInfo should set CodeOrigin or BytecodeIndex at construction
+        https://bugs.webkit.org/show_bug.cgi?id=215987
+        <rdar://problem/66370323>
+
+        Reviewed by Mark Lam.
+
+        We had race condition during construction of StructureStubInfo and CodeOrigin field setting.
+
+            1. The thread creates StructureStubInfo by calling CodeBlock::addStubInfo. This is guarded by the lock. But at this point we are not setting StructureStubInfo::codeOrigin.
+            2. Then (1)'s thread attempts to set StructureStubInfo::codeOrigin. But at this point, it is not guarded by the lock.
+            3. Before (2) is executed, DFG ByteCodeParser calls CodeBlock::getICStatusMap. It creates HashMap<CodeOrigin, StructureStubInfo*>.
+            4. Since StructureStubInfo*'s codeOrigin is not configured yet, (3) sees invalid CodeOrigin. And storing invalid CodeOrigin as a HashMap key is not correct.
+
+        We should configure CodeOrigin at construction of StructureStubInfo, which is guarded by the lock. We have the same problem for CallLinkInfo and ByValInfo. This patch fixes them.
+        To reproduce this, we need to execute a script 2~ days repeatedly. So it is difficult to add a test.
+
+        * bytecode/AccessCase.cpp:
+        (JSC::AccessCase::generateImpl):
+        * bytecode/ByValInfo.h:
+        (JSC::ByValInfo::ByValInfo):
+        (JSC::ByValInfo::setUp):
+        * bytecode/CallLinkInfo.cpp:
+        (JSC::CallLinkInfo::CallLinkInfo):
+        * bytecode/CallLinkInfo.h:
+        (JSC::CallLinkInfo::setUpCall):
+        (JSC::CallLinkInfo::setCodeOrigin): Deleted.
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::addStubInfo):
+        (JSC::CodeBlock::addByValInfo):
+        (JSC::CodeBlock::addCallLinkInfo):
+        * bytecode/CodeBlock.h:
+        * bytecode/StructureStubInfo.cpp:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        * bytecode/StructureStubInfo.h:
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
+        (JSC::FTL::DFG::LowerDFGToB3::compileDirectCallOrConstruct):
+        (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
+        * jit/JIT.cpp:
+        (JSC::JIT::link):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileCallEvalSlowCase):
+        (JSC::JIT::compileOpCall):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileCallEvalSlowCase):
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlineCacheGenerator.cpp:
+        (JSC::garbageStubInfo):
+        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_has_indexed_property):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emit_op_has_indexed_property):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_put_by_val):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_put_by_val):
+        * wasm/js/WasmToJS.cpp:
+        (JSC::Wasm::wasmToJS):
+
</ins><span class="cx"> 2020-08-30  Yusuke Suzuki  <ysuzuki@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [JSC] @defaultPromiseThen fast path should check species constructor
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeAccessCasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp      2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp 2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -1582,7 +1582,7 @@
</span><span class="cx">             state.setSpillStateForJSGetterSetter(spillState);
</span><span class="cx"> 
</span><span class="cx">             RELEASE_ASSERT(!access.callLinkInfo());
</span><del>-            CallLinkInfo* callLinkInfo = state.m_callLinkInfos.add();
</del><ins>+            CallLinkInfo* callLinkInfo = state.m_callLinkInfos.add(stubInfo.codeOrigin);
</ins><span class="cx">             access.m_callLinkInfo = callLinkInfo;
</span><span class="cx"> 
</span><span class="cx">             // FIXME: If we generated a polymorphic call stub that jumped back to the getter
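Review bot: `state.m_callLinkInfos.add(stubInfo.codeOrigin)` allocates the CallLinkInfo from the access-generation state's own Bag rather than through `CodeBlock::addCallLinkInfo`, so nothing in this hunk shows the construction happening under `ConcurrentJSLocker` the way the CodeBlock paths do. Please add a short comment (or a sentence in the ChangeLog) explaining why this Bag is not reachable from `getICStatusMap` while the stub is being generated and therefore does not need the same guard; otherwise the origin-at-construction fix is only half of the story for this path.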
</span><span class="lines">@@ -1595,7 +1595,7 @@
</span><span class="cx">             // https://bugs.webkit.org/show_bug.cgi?id=148914
</span><span class="cx">             callLinkInfo->disallowStubs();
</span><span class="cx"> 
</span><del>-            callLinkInfo->setUpCall(CallLinkInfo::Call, stubInfo.codeOrigin, loadedValueGPR);
</del><ins>+            callLinkInfo->setUpCall(CallLinkInfo::Call, loadedValueGPR);
</ins><span class="cx"> 
</span><span class="cx">             CCallHelpers::JumpList done;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeByValInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ByValInfo.h (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ByValInfo.h 2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/ByValInfo.h    2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -225,23 +225,25 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> struct ByValInfo {
</span><del>-    ByValInfo() { }
</del><ins>+    ByValInfo(BytecodeIndex bytecodeIndex)
+        : bytecodeIndex(bytecodeIndex)
+    {
+    }
</ins><span class="cx"> 
</span><del>-    ByValInfo(BytecodeIndex bytecodeIndex, CodeLocationJump<JSInternalPtrTag> notIndexJump, CodeLocationJump<JSInternalPtrTag> badTypeJump, CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler, JITArrayMode arrayMode, ArrayProfile* arrayProfile, CodeLocationLabel<JSInternalPtrTag> doneTarget, CodeLocationLabel<JSInternalPtrTag> badTypeNextHotPathTarget, CodeLocationLabel<JSInternalPtrTag> slowPathTarget)
-        : notIndexJump(notIndexJump)
-        , badTypeJump(badTypeJump)
-        , exceptionHandler(exceptionHandler)
-        , doneTarget(doneTarget)
-        , badTypeNextHotPathTarget(badTypeNextHotPathTarget)
-        , slowPathTarget(slowPathTarget)
-        , arrayProfile(arrayProfile)
-        , bytecodeIndex(bytecodeIndex)
-        , slowPathCount(0)
-        , stubInfo(nullptr)
-        , arrayMode(arrayMode)
-        , tookSlowPath(false)
-        , seen(false)
</del><ins>+    void setUp(CodeLocationJump<JSInternalPtrTag> notIndexJump, CodeLocationJump<JSInternalPtrTag> badTypeJump, CodeLocationLabel<ExceptionHandlerPtrTag> exceptionHandler, JITArrayMode arrayMode, ArrayProfile* arrayProfile, CodeLocationLabel<JSInternalPtrTag> doneTarget, CodeLocationLabel<JSInternalPtrTag> badTypeNextHotPathTarget, CodeLocationLabel<JSInternalPtrTag> slowPathTarget)
</ins><span class="cx">     {
</span><ins>+        this->notIndexJump = notIndexJump;
+        this->badTypeJump = badTypeJump;
+        this->exceptionHandler = exceptionHandler;
+        this->doneTarget = doneTarget;
+        this->badTypeNextHotPathTarget = badTypeNextHotPathTarget;
+        this->slowPathTarget = slowPathTarget;
+        this->arrayProfile = arrayProfile;
+        this->slowPathCount = 0;
+        this->stubInfo = nullptr;
+        this->arrayMode = arrayMode;
+        this->tookSlowPath = false;
+        this->seen = false;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void visitAggregate(SlotVisitor&);
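Review bot: the new `ByValInfo(BytecodeIndex bytecodeIndex)` constructor initialises only `bytecodeIndex`; `slowPathCount`, `stubInfo`, `arrayMode`, `tookSlowPath` and `seen` keep indeterminate values until `setUp` runs, and this hunk does not show `setUp` being called under the same lock as the constructor. Since the whole point of the change is that a concurrent reader may find the object by its `bytecodeIndex` before the second step runs, give those members defined values in the constructor or via default member initialisers (`slowPathCount = 0`, `stubInfo = nullptr`, `tookSlowPath = false`, `seen = false`) rather than leaving them to `setUp`.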
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCallLinkInfocpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp    2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp       2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -68,8 +68,9 @@
</span><span class="cx">     return Call;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-CallLinkInfo::CallLinkInfo()
-    : m_hasSeenShouldRepatch(false)
</del><ins>+CallLinkInfo::CallLinkInfo(CodeOrigin codeOrigin)
+    : m_codeOrigin(codeOrigin)
+    , m_hasSeenShouldRepatch(false)
</ins><span class="cx">     , m_hasSeenClosure(false)
</span><span class="cx">     , m_clearedByGC(false)
</span><span class="cx">     , m_clearedByVirtual(false)
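Review bot: `m_codeOrigin(codeOrigin)` is now the first entry of the mem-initializer list, ahead of `m_hasSeenShouldRepatch(false)`, but members are initialised in declaration order regardless of list order. Please confirm that `m_codeOrigin` is declared before the flag bitfields in CallLinkInfo.h (the member declarations are not part of this diff); if it is not, the list should follow the declaration order to avoid a -Wreorder warning and to keep the listed order honest about what happens first.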
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCallLinkInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h      2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h 2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -71,7 +71,7 @@
</span><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    CallLinkInfo();
</del><ins>+    CallLinkInfo(CodeOrigin);
</ins><span class="cx">         
</span><span class="cx">     ~CallLinkInfo();
</span><span class="cx">     
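Review bot: `CallLinkInfo(CodeOrigin);` is a single-argument constructor and should be declared `explicit` so a bare `CodeOrigin` cannot be implicitly converted into a `CallLinkInfo` (for example when a container forwards constructor arguments); the same applies to the new `ByValInfo(BytecodeIndex)` constructor in ByValInfo.h.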
</span><span class="lines">@@ -157,10 +157,9 @@
</span><span class="cx">     bool isLinked() const { return m_stub || m_calleeOrCodeBlock; }
</span><span class="cx">     void unlink(VM&);
</span><span class="cx"> 
</span><del>-    void setUpCall(CallType callType, CodeOrigin codeOrigin, GPRReg calleeGPR)
</del><ins>+    void setUpCall(CallType callType, GPRReg calleeGPR)
</ins><span class="cx">     {
</span><span class="cx">         m_callType = callType;
</span><del>-        m_codeOrigin = codeOrigin;
</del><span class="cx">         m_calleeGPR = calleeGPR;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -322,11 +321,6 @@
</span><span class="cx">         return m_slowPathCount;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    void setCodeOrigin(CodeOrigin codeOrigin)
-    {
-        m_codeOrigin = codeOrigin;
-    }
-
</del><span class="cx">     CodeOrigin codeOrigin()
</span><span class="cx">     {
</span><span class="cx">         return m_codeOrigin;
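Review bot: with `setCodeOrigin` removed and `m_codeOrigin` written only from the constructor, the remaining accessor `CodeOrigin codeOrigin()` can be marked `const`; that makes the read-only contract that this change establishes visible at the call sites and lets a `const CallLinkInfo*` be used from the status-map code.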
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp       2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp  2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -1582,10 +1582,10 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(JIT)
</span><del>-StructureStubInfo* CodeBlock::addStubInfo(AccessType accessType)
</del><ins>+StructureStubInfo* CodeBlock::addStubInfo(AccessType accessType, CodeOrigin codeOrigin)
</ins><span class="cx"> {
</span><span class="cx">     ConcurrentJSLocker locker(m_lock);
</span><del>-    return ensureJITData(locker).m_stubInfos.add(accessType);
</del><ins>+    return ensureJITData(locker).m_stubInfos.add(accessType, codeOrigin);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> JITAddIC* CodeBlock::addJITAddIC(BinaryArithProfile* arithProfile)
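Review bot: `addStubInfo` takes the `CodeOrigin` on trust. Given that the bug being fixed is an unset origin ending up as a HashMap key, add an ASSERT on the origin's validity at the top of `addStubInfo` (and likewise in `addByValInfo` and `addCallLinkInfo` in the next hunk) so that a caller passing an unset origin fails at construction time, inside the locked region, instead of later and non-deterministically in `getICStatusMap`.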
</span><span class="lines">@@ -1636,16 +1636,16 @@
</span><span class="cx">     return nullptr;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-ByValInfo* CodeBlock::addByValInfo()
</del><ins>+ByValInfo* CodeBlock::addByValInfo(BytecodeIndex bytecodeIndex)
</ins><span class="cx"> {
</span><span class="cx">     ConcurrentJSLocker locker(m_lock);
</span><del>-    return ensureJITData(locker).m_byValInfos.add();
</del><ins>+    return ensureJITData(locker).m_byValInfos.add(bytecodeIndex);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-CallLinkInfo* CodeBlock::addCallLinkInfo()
</del><ins>+CallLinkInfo* CodeBlock::addCallLinkInfo(CodeOrigin codeOrigin)
</ins><span class="cx"> {
</span><span class="cx">     ConcurrentJSLocker locker(m_lock);
</span><del>-    return ensureJITData(locker).m_callLinkInfos.add();
</del><ins>+    return ensureJITData(locker).m_callLinkInfos.add(codeOrigin);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> CallLinkInfo* CodeBlock::getCallLinkInfoForBytecodeIndex(BytecodeIndex index)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.h (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.h    2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -308,7 +308,7 @@
</span><span class="cx">     template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITSubGenerator>::value>::type>
</span><span class="cx">     JITSubIC* addMathIC(BinaryArithProfile* profile) { return addJITSubIC(profile); }
</span><span class="cx"> 
</span><del>-    StructureStubInfo* addStubInfo(AccessType);
</del><ins>+    StructureStubInfo* addStubInfo(AccessType, CodeOrigin);
</ins><span class="cx"> 
</span><span class="cx">     // O(n) operation. Use getICStatusMap() unless you really only intend to get one stub info.
</span><span class="cx">     StructureStubInfo* findStubInfo(CodeOrigin);
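Review bot: the new `addStubInfo(AccessType, CodeOrigin)` declaration has no comment, while the neighbouring `findStubInfo` explains its cost. Add a line stating that the `CodeOrigin` must be supplied at construction because `getICStatusMap()` can run on a concurrent compiler thread and keys on it; without that, the next person adding an info type is likely to reintroduce the set-after-construct pattern this change removes. The same note applies to `addByValInfo(BytecodeIndex)` and `addCallLinkInfo(CodeOrigin)` in the following hunk.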
</span><span class="lines">@@ -315,9 +315,9 @@
</span><span class="cx">     // O(n) operation. Use getICStatusMap() unless you really only intend to get one by-val-info.
</span><span class="cx">     ByValInfo* findByValInfo(CodeOrigin);
</span><span class="cx"> 
</span><del>-    ByValInfo* addByValInfo();
</del><ins>+    ByValInfo* addByValInfo(BytecodeIndex);
</ins><span class="cx"> 
</span><del>-    CallLinkInfo* addCallLinkInfo();
</del><ins>+    CallLinkInfo* addCallLinkInfo(CodeOrigin);
</ins><span class="cx"> 
</span><span class="cx">     // This is a slow function call used primarily for compiling OSR exits in the case
</span><span class="cx">     // that there had been inlining. Chances are if you want to use this, you're really
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeStructureStubInfocpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp       2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp  2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -38,8 +38,9 @@
</span><span class="cx"> static constexpr bool verbose = false;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-StructureStubInfo::StructureStubInfo(AccessType accessType)
-    : accessType(accessType)
</del><ins>+StructureStubInfo::StructureStubInfo(AccessType accessType, CodeOrigin codeOrigin)
+    : codeOrigin(codeOrigin)
+    , accessType(accessType)
</ins><span class="cx">     , bufferingCountdown(Options::repatchBufferingCountdown())
</span><span class="cx">     , resetByGC(false)
</span><span class="cx">     , tookSlowPath(false)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeStructureStubInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h 2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h    2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -75,7 +75,7 @@
</span><span class="cx">     WTF_MAKE_NONCOPYABLE(StructureStubInfo);
</span><span class="cx">     WTF_MAKE_FAST_ALLOCATED;
</span><span class="cx"> public:
</span><del>-    StructureStubInfo(AccessType);
</del><ins>+    StructureStubInfo(AccessType, CodeOrigin);
</ins><span class="cx">     ~StructureStubInfo();
</span><span class="cx"> 
</span><span class="cx">     void initGetByIdSelf(const ConcurrentJSLockerBase&, CodeBlock*, Structure* baseObjectStructure, PropertyOffset, CacheableIdentifier);
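Review bot: `StructureStubInfo(AccessType, CodeOrigin)` now fixes the origin at construction, but `codeOrigin` is still a plain public data member (AccessCase.cpp reads it as `stubInfo.codeOrigin`). Declaring it `const` would make the constructor the only possible writer and prevent the unlocked post-construction store described in the ChangeLog from creeping back in through some other code path.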
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp       2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp  2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -781,8 +781,8 @@
</span><span class="cx">         isEmulatedTail ? *staticInlineCallFrame->getCallerSkippingTailCalls() : staticOrigin;
</span><span class="cx">     CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(dynamicOrigin, m_stream->size());
</span><span class="cx">     
</span><del>-    CallLinkInfo* info = m_jit.codeBlock()->addCallLinkInfo();
-    info->setUpCall(callType, node->origin.semantic, calleePayloadGPR);
</del><ins>+    CallLinkInfo* info = m_jit.codeBlock()->addCallLinkInfo(node->origin.semantic);
+    info->setUpCall(callType, calleePayloadGPR);
</ins><span class="cx">     
</span><span class="cx">     auto setResultAndResetStack = [&] () {
</span><span class="cx">         JSValueRegsFlushedCallResult result(this);
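Review bot: the CallLinkInfo is keyed by `node->origin.semantic` at `addCallLinkInfo`, while the call site two lines up is recorded with `dynamicOrigin`, which for an emulated tail call is the caller's origin rather than the node's own. That is the same origin `setUpCall` received before this change, so behaviour is unchanged, but a one-line comment saying the IC status map is intentionally keyed on the semantic origin and not `dynamicOrigin` would spare the next reader the same question.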
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp  2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp     2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -787,8 +787,8 @@
</span><span class="cx">         m_jit.addPtr(TrustedImm32(m_jit.graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, JITCompiler::stackPointerRegister);
</span><span class="cx">     };
</span><span class="cx">     
</span><del>-    CallLinkInfo* callLinkInfo = m_jit.codeBlock()->addCallLinkInfo();
-    callLinkInfo->setUpCall(callType, m_currentNode->origin.semantic, calleeGPR);
</del><ins>+    CallLinkInfo* callLinkInfo = m_jit.codeBlock()->addCallLinkInfo(m_currentNode->origin.semantic);
+    callLinkInfo->setUpCall(callType, calleeGPR);
</ins><span class="cx"> 
</span><span class="cx">     if (node->op() == CallEval) {
</span><span class="cx">         // We want to call operationCallEval but we don't want to overwrite the parameter area in
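Review bot: this hunk passes `m_currentNode->origin.semantic` to `addCallLinkInfo`, whereas the DFGSpeculativeJIT32_64.cpp counterpart passes `node->origin.semantic`, and two lines below this file itself uses `node->op()`. If `node` and `m_currentNode` are guaranteed identical inside `emitCall`, use `node` in both files so the two implementations stay in step and a reader does not have to wonder whether `m_currentNode` could differ here.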
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp      2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -9369,7 +9369,7 @@
</span><span class="cx">                     CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><span class="cx">                     CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCountIncludingThis)));
</span><span class="cx"> 
</span><del>-                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo();
</del><ins>+                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo(node->origin.semantic);
</ins><span class="cx"> 
</span><span class="cx">                 CCallHelpers::DataLabelPtr targetToCheck;
</span><span class="cx">                 CCallHelpers::Jump slowPath = jit.branchPtrWithPatch(
</span><span class="lines">@@ -9387,8 +9387,7 @@
</span><span class="cx">                 done.link(&jit);
</span><span class="cx"> 
</span><span class="cx">                 callLinkInfo->setUpCall(
</span><del>-                    node->op() == Construct ? CallLinkInfo::Construct : CallLinkInfo::Call,
-                    node->origin.semantic, GPRInfo::regT0);
</del><ins>+                    node->op() == Construct ? CallLinkInfo::Construct : CallLinkInfo::Call, GPRInfo::regT0);
</ins><span class="cx"> 
</span><span class="cx">                 jit.addPtr(
</span><span class="cx">                     CCallHelpers::TrustedImm32(-params.proc().frameSize()),
</span><span class="lines">@@ -9510,7 +9509,7 @@
</span><span class="cx">                     shuffleData.numPassedArgs = numPassedArgs;
</span><span class="cx">                     shuffleData.setupCalleeSaveRegisters(jit.codeBlock());
</span><span class="cx">                     
</span><del>-                    CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo();
</del><ins>+                    CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo(node->origin.semantic);
</ins><span class="cx">                     
</span><span class="cx">                     CCallHelpers::PatchableJump patchableJump = jit.patchableJump();
</span><span class="cx">                     CCallHelpers::Label mainPath = jit.label();
</span><span class="lines">@@ -9534,8 +9533,7 @@
</span><span class="cx">                         InvalidGPRReg, CCallHelpers::TrustedImmPtr(callLinkInfo), calleeGPR).call();
</span><span class="cx">                     jit.jump().linkTo(mainPath, &jit);
</span><span class="cx">                     
</span><del>-                    callLinkInfo->setUpCall(
-                        CallLinkInfo::DirectTailCall, node->origin.semantic, InvalidGPRReg);
</del><ins>+                    callLinkInfo->setUpCall(CallLinkInfo::DirectTailCall, InvalidGPRReg);
</ins><span class="cx">                     callLinkInfo->setExecutableDuringCompilation(executable);
</span><span class="cx">                     if (numAllocatedArgs > numPassedArgs)
</span><span class="cx">                         callLinkInfo->setMaxArgumentCountIncludingThis(numAllocatedArgs);
</span><span class="lines">@@ -9554,7 +9552,7 @@
</span><span class="cx">                     return;
</span><span class="cx">                 }
</span><span class="cx">                 
</span><del>-                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo();
</del><ins>+                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo(node->origin.semantic);
</ins><span class="cx">                 
</span><span class="cx">                 CCallHelpers::Label mainPath = jit.label();
</span><span class="cx"> 
</span><span class="lines">@@ -9568,8 +9566,7 @@
</span><span class="cx">                     GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister);
</span><span class="cx">                 
</span><span class="cx">                 callLinkInfo->setUpCall(
</span><del>-                    isConstruct ? CallLinkInfo::DirectConstruct : CallLinkInfo::DirectCall,
-                    node->origin.semantic, InvalidGPRReg);
</del><ins>+                    isConstruct ? CallLinkInfo::DirectConstruct : CallLinkInfo::DirectCall, InvalidGPRReg);
</ins><span class="cx">                 callLinkInfo->setExecutableDuringCompilation(executable);
</span><span class="cx">                 if (numAllocatedArgs > numPassedArgs)
</span><span class="cx">                     callLinkInfo->setMaxArgumentCountIncludingThis(numAllocatedArgs);
</span><span class="lines">@@ -9689,7 +9686,7 @@
</span><span class="cx">                 
</span><span class="cx">                 shuffleData.setupCalleeSaveRegisters(jit.codeBlock());
</span><span class="cx"> 
</span><del>-                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo();
</del><ins>+                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo(codeOrigin);
</ins><span class="cx"> 
</span><span class="cx">                 CCallHelpers::DataLabelPtr targetToCheck;
</span><span class="cx">                 CCallHelpers::Jump slowPath = jit.branchPtrWithPatch(
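Review bot: this site passes the local `codeOrigin` where every other addCallLinkInfo site in the file passes `node->origin.semantic`; that matches the `codeOrigin` the old setUpCall in the following hunk took, so behaviour is unchanged, but a reader scanning the file will wonder whether the two differ, so either a one-line comment or using one spelling consistently would help.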
</span><span class="lines">@@ -9713,7 +9710,7 @@
</span><span class="cx"> 
</span><span class="cx">                 jit.abortWithReason(JITDidReturnFromTailCall);
</span><span class="cx"> 
</span><del>-                callLinkInfo->setUpCall(CallLinkInfo::TailCall, codeOrigin, GPRInfo::regT0);
</del><ins>+                callLinkInfo->setUpCall(CallLinkInfo::TailCall, GPRInfo::regT0);
</ins><span class="cx"> 
</span><span class="cx">                 jit.addLinkTask(
</span><span class="cx">                     [=] (LinkBuffer& linkBuffer) {
</span><span class="lines">@@ -9824,7 +9821,7 @@
</span><span class="cx">                     CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><span class="cx">                     CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCountIncludingThis)));
</span><span class="cx"> 
</span><del>-                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo();
</del><ins>+                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo(node->origin.semantic);
</ins><span class="cx"> 
</span><span class="cx">                 RegisterSet usedRegisters = RegisterSet::allRegisters();
</span><span class="cx">                 usedRegisters.exclude(RegisterSet::volatileRegistersForJSCall());
</span><span class="lines">@@ -10009,7 +10006,7 @@
</span><span class="cx">                 else
</span><span class="cx">                     done.link(&jit);
</span><span class="cx">                 
</span><del>-                callLinkInfo->setUpCall(callType, node->origin.semantic, GPRInfo::regT0);
</del><ins>+                callLinkInfo->setUpCall(callType, GPRInfo::regT0);
</ins><span class="cx"> 
</span><span class="cx">                 jit.addPtr(
</span><span class="cx">                     CCallHelpers::TrustedImm32(-originalStackHeight),
</span><span class="lines">@@ -10126,7 +10123,7 @@
</span><span class="cx">                     CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><span class="cx">                     CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCountIncludingThis)));
</span><span class="cx"> 
</span><del>-                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo();
</del><ins>+                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo(node->origin.semantic);
</ins><span class="cx">                 CallVarargsData* data = node->callVarargsData();
</span><span class="cx"> 
</span><span class="cx">                 unsigned argIndex = 1;
</span><span class="lines">@@ -10295,7 +10292,7 @@
</span><span class="cx">                 else
</span><span class="cx">                     done.link(&jit);
</span><span class="cx">                 
</span><del>-                callLinkInfo->setUpCall(callType, node->origin.semantic, GPRInfo::regT0);
</del><ins>+                callLinkInfo->setUpCall(callType, GPRInfo::regT0);
</ins><span class="cx">                 
</span><span class="cx">                 jit.addPtr(
</span><span class="cx">                     CCallHelpers::TrustedImm32(-originalStackHeight),
</span><span class="lines">@@ -10379,8 +10376,8 @@
</span><span class="cx">                     CCallHelpers::TrustedImm32(callSiteIndex.bits()),
</span><span class="cx">                     CCallHelpers::tagFor(VirtualRegister(CallFrameSlot::argumentCountIncludingThis)));
</span><span class="cx">                 
</span><del>-                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo();
-                callLinkInfo->setUpCall(CallLinkInfo::Call, node->origin.semantic, GPRInfo::regT0);
</del><ins>+                CallLinkInfo* callLinkInfo = jit.codeBlock()->addCallLinkInfo(node->origin.semantic);
+                callLinkInfo->setUpCall(CallLinkInfo::Call, GPRInfo::regT0);
</ins><span class="cx">                 
</span><span class="cx">                 jit.addPtr(CCallHelpers::TrustedImm32(-static_cast<ptrdiff_t>(sizeof(CallerFrameAndPC))), CCallHelpers::stackPointerRegister, GPRInfo::regT1);
</span><span class="cx">                 jit.storePtr(GPRInfo::callFrameRegister, CCallHelpers::Address(GPRInfo::regT1, CallFrame::callerFrameOffset()));
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.cpp  2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JIT.cpp     2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -907,8 +907,7 @@
</span><span class="cx">             auto nextHotPathTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.nextHotPathTarget));
</span><span class="cx">             auto slowPathTarget = CodeLocationLabel<JSInternalPtrTag>(patchBuffer.locationOf<JSInternalPtrTag>(byValCompilationInfo.slowPathTarget));
</span><span class="cx"> 
</span><del>-            *byValCompilationInfo.byValInfo = ByValInfo(
-                byValCompilationInfo.bytecodeIndex,
</del><ins>+            byValCompilationInfo.byValInfo->setUp(
</ins><span class="cx">                 notIndexJump,
</span><span class="cx">                 badTypeJump,
</span><span class="cx">                 exceptionHandler,
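Review bot: with the bytecode index now captured when the ByValInfo is allocated, `byValCompilationInfo.bytecodeIndex` is no longer read in this hunk; if this was its only consumer, remove the field from ByValCompilationInfo so the index is not stored twice and cannot drift. Note also the shift from whole-object assignment to `setUp(...)`: any ByValInfo member that `setUp` does not touch now keeps the value given at construction instead of being reset, which is the intended effect here but deserves a sentence in the ChangeLog.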
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCallcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCall.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCall.cpp      2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JITCall.cpp 2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -150,8 +150,8 @@
</span><span class="cx">     linkAllSlowCases(iter);
</span><span class="cx"> 
</span><span class="cx">     auto bytecode = instruction->as<OpCallEval>();
</span><del>-    CallLinkInfo* info = m_codeBlock->addCallLinkInfo();
-    info->setUpCall(CallLinkInfo::Call, CodeOrigin(m_bytecodeIndex), regT0);
</del><ins>+    CallLinkInfo* info = m_codeBlock->addCallLinkInfo(CodeOrigin(m_bytecodeIndex));
+    info->setUpCall(CallLinkInfo::Call, regT0);
</ins><span class="cx"> 
</span><span class="cx">     int registerOffset = -bytecode.m_argv;
</span><span class="cx"> 
</span><span class="lines">@@ -218,7 +218,7 @@
</span><span class="cx">     */
</span><span class="cx">     CallLinkInfo* info = nullptr;
</span><span class="cx">     if (opcodeID != op_call_eval)
</span><del>-        info = m_codeBlock->addCallLinkInfo();
</del><ins>+        info = m_codeBlock->addCallLinkInfo(CodeOrigin(m_bytecodeIndex));
</ins><span class="cx">     compileSetupFrame(bytecode, info);
</span><span class="cx"> 
</span><span class="cx">     // SP holds newCallFrame + sizeof(CallerFrameAndPC), with ArgumentCount initialized.
</span><span class="lines">@@ -237,7 +237,7 @@
</span><span class="cx">     addSlowCase(slowCase);
</span><span class="cx"> 
</span><span class="cx">     ASSERT(m_callCompilationInfo.size() == callLinkInfoIndex);
</span><del>-    info->setUpCall(CallLinkInfo::callTypeFor(opcodeID), CodeOrigin(m_bytecodeIndex), regT0);
</del><ins>+    info->setUpCall(CallLinkInfo::callTypeFor(opcodeID), regT0);
</ins><span class="cx">     m_callCompilationInfo.append(CallCompilationInfo());
</span><span class="cx">     m_callCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
</span><span class="cx">     m_callCompilationInfo[callLinkInfoIndex].callLinkInfo = info;
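Review bot: `info` is left as nullptr for `op_call_eval` in the hunk at line 218 but is dereferenced unconditionally here by `info->setUpCall(CallLinkInfo::callTypeFor(opcodeID), regT0)`; this relies on an early return for op_call_eval between the two hunks that is not visible in the diff. Since the patch touches both lines anyway, an `ASSERT(info)` next to the existing `ASSERT(m_callCompilationInfo.size() == callLinkInfoIndex)` would document the invariant.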
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITCall32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp 2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp    2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -251,8 +251,8 @@
</span><span class="cx">     linkAllSlowCases(iter);
</span><span class="cx"> 
</span><span class="cx">     auto bytecode = instruction->as<OpCallEval>();
</span><del>-    CallLinkInfo* info = m_codeBlock->addCallLinkInfo();
-    info->setUpCall(CallLinkInfo::Call, CodeOrigin(m_bytecodeIndex), regT0);
</del><ins>+    CallLinkInfo* info = m_codeBlock->addCallLinkInfo(CodeOrigin(m_bytecodeIndex));
+    info->setUpCall(CallLinkInfo::Call, regT0);
</ins><span class="cx"> 
</span><span class="cx">     int registerOffset = -bytecode.m_argv;
</span><span class="cx">     VirtualRegister callee = bytecode.m_callee;
</span><span class="lines">@@ -290,7 +290,7 @@
</span><span class="cx">     */
</span><span class="cx">     CallLinkInfo* info = nullptr;
</span><span class="cx">     if (opcodeID != op_call_eval)
</span><del>-        info = m_codeBlock->addCallLinkInfo();
</del><ins>+        info = m_codeBlock->addCallLinkInfo(CodeOrigin(m_bytecodeIndex));
</ins><span class="cx">     compileSetupFrame(bytecode, info);
</span><span class="cx">     // SP holds newCallFrame + sizeof(CallerFrameAndPC), with ArgumentCount initialized.
</span><span class="cx">     
</span><span class="lines">@@ -316,7 +316,7 @@
</span><span class="cx">     addSlowCase(slowCase);
</span><span class="cx"> 
</span><span class="cx">     ASSERT(m_callCompilationInfo.size() == callLinkInfoIndex);
</span><del>-    info->setUpCall(CallLinkInfo::callTypeFor(opcodeID), CodeOrigin(m_bytecodeIndex), regT0);
</del><ins>+    info->setUpCall(CallLinkInfo::callTypeFor(opcodeID), regT0);
</ins><span class="cx">     m_callCompilationInfo.append(CallCompilationInfo());
</span><span class="cx">     m_callCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
</span><span class="cx">     m_callCompilationInfo[callLinkInfoIndex].callLinkInfo = info;
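Review bot: same observation as for JITCall.cpp: `info` may be nullptr for `op_call_eval` (hunk at line 290) and is dereferenced here without a check; an `ASSERT(info)` beside the existing size assertion would make the reliance on the early return explicit, and keeping this file byte-for-byte parallel with JITCall.cpp at these lines makes future diffs easier to review.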
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITInlineCacheGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp      2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp 2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -38,7 +38,7 @@
</span><span class="cx"> 
</span><span class="cx"> static StructureStubInfo* garbageStubInfo()
</span><span class="cx"> {
</span><del>-    static StructureStubInfo* stubInfo = new StructureStubInfo(AccessType::GetById);
</del><ins>+    static StructureStubInfo* stubInfo = new StructureStubInfo(AccessType::GetById, CodeOrigin());
</ins><span class="cx">     return stubInfo;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -47,8 +47,7 @@
</span><span class="cx">     const RegisterSet& usedRegisters)
</span><span class="cx">     : m_codeBlock(codeBlock)
</span><span class="cx"> {
</span><del>-    m_stubInfo = m_codeBlock ? m_codeBlock->addStubInfo(accessType) : garbageStubInfo();
-    m_stubInfo->codeOrigin = codeOrigin;
</del><ins>+    m_stubInfo = m_codeBlock ? m_codeBlock->addStubInfo(accessType, codeOrigin) : garbageStubInfo();
</ins><span class="cx">     m_stubInfo->callSiteIndex = callSite;
</span><span class="cx"> 
</span><span class="cx">     m_stubInfo->usedRegisters = usedRegisters;
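Review bot: removing `m_stubInfo->codeOrigin = codeOrigin;` changes behaviour on the null-codeBlock path: previously the shared static returned by garbageStubInfo() had its codeOrigin overwritten by every generator that used it, now it keeps the empty CodeOrigin() passed at line 721. Not writing a caller's origin into a process-wide static is an improvement (the old code let one generator's origin leak into another's), but `callSiteIndex` and `usedRegisters` are still stored into that same shared object on the following lines, so the shared-mutable-state caveat remains for those fields; a comment at garbageStubInfo() stating that its fields are meaningless would make this explicit.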
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp   2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp      2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -1442,7 +1442,7 @@
</span><span class="cx">     VirtualRegister base = bytecode.m_base;
</span><span class="cx">     VirtualRegister property = bytecode.m_property;
</span><span class="cx">     ArrayProfile* profile = &metadata.m_arrayProfile;
</span><del>-    ByValInfo* byValInfo = m_codeBlock->addByValInfo();
</del><ins>+    ByValInfo* byValInfo = m_codeBlock->addByValInfo(m_bytecodeIndex);
</ins><span class="cx">     
</span><span class="cx">     emitGetVirtualRegisters(base, regT0, property, regT1);
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOpcodes32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp      2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -1201,7 +1201,7 @@
</span><span class="cx">     VirtualRegister base = bytecode.m_base;
</span><span class="cx">     VirtualRegister property = bytecode.m_property;
</span><span class="cx">     ArrayProfile* profile = &metadata.m_arrayProfile;
</span><del>-    ByValInfo* byValInfo = m_codeBlock->addByValInfo();
</del><ins>+    ByValInfo* byValInfo = m_codeBlock->addByValInfo(m_bytecodeIndex);
</ins><span class="cx">     
</span><span class="cx">     emitLoadPayload(base, regT0);
</span><span class="cx">     emitJumpSlowCaseIfNotJSCell(base);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp    2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp       2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -150,7 +150,7 @@
</span><span class="cx">     VirtualRegister base = bytecode.m_base;
</span><span class="cx">     VirtualRegister property = bytecode.m_property;
</span><span class="cx">     ArrayProfile* profile = &metadata.m_arrayProfile;
</span><del>-    ByValInfo* byValInfo = m_codeBlock->addByValInfo();
</del><ins>+    ByValInfo* byValInfo = m_codeBlock->addByValInfo(m_bytecodeIndex);
</ins><span class="cx"> 
</span><span class="cx">     emitGetVirtualRegister(base, regT0);
</span><span class="cx">     bool propertyNameIsIntegerConstant = isOperandConstantInt(property);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp       2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp  2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -344,7 +344,7 @@
</span><span class="cx">     VirtualRegister base = bytecode.m_base;
</span><span class="cx">     VirtualRegister property = bytecode.m_property;
</span><span class="cx">     ArrayProfile* profile = &metadata.m_arrayProfile;
</span><del>-    ByValInfo* byValInfo = m_codeBlock->addByValInfo();
</del><ins>+    ByValInfo* byValInfo = m_codeBlock->addByValInfo(m_bytecodeIndex);
</ins><span class="cx">     
</span><span class="cx">     emitLoad2(base, regT1, regT0, property, regT3, regT2);
</span><span class="cx">     
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWasmToJScpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WasmToJS.cpp (266358 => 266359)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WasmToJS.cpp 2020-08-31 17:22:22 UTC (rev 266358)
+++ trunk/Source/JavaScriptCore/wasm/js/WasmToJS.cpp    2020-08-31 17:43:02 UTC (rev 266359)
</span><span class="lines">@@ -259,8 +259,8 @@
</span><span class="cx"> 
</span><span class="cx">     // FIXME Tail call if the wasm return type is void and no registers were spilled. https://bugs.webkit.org/show_bug.cgi?id=165488
</span><span class="cx"> 
</span><del>-    CallLinkInfo* callLinkInfo = callLinkInfos.add();
-    callLinkInfo->setUpCall(CallLinkInfo::Call, CodeOrigin(), importJSCellGPRReg);
</del><ins>+    CallLinkInfo* callLinkInfo = callLinkInfos.add(CodeOrigin());
+    callLinkInfo->setUpCall(CallLinkInfo::Call, importJSCellGPRReg);
</ins><span class="cx">     JIT::DataLabelPtr targetToCheck;
</span><span class="cx">     JIT::TrustedImmPtr initialRightValue(nullptr);
</span><span class="cx">     JIT::Jump slowPath = jit.branchPtrWithPatch(MacroAssembler::NotEqual, importJSCellGPRReg, targetToCheck, initialRightValue);
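Review bot: `callLinkInfos.add(CodeOrigin())` is the only site in the patch that passes a default-constructed origin; it is correct for a wasm-to-JS import stub, which has no JS bytecode origin, and the removed setUpCall line carried the same empty CodeOrigin(), but a short comment saying so would stop a later reader from mistaking it for a missed update.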
</span></span></pre>
</div>
</div>

</body>
</html>