Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JSC] IntrinsicGetter AccessCase should not use Equivalent condition #16409

Merged
merged 1 commit into from
Aug 7, 2023
Merged

[JSC] IntrinsicGetter AccessCase should not use Equivalent condition #16409

merged 1 commit into from
Aug 7, 2023

Conversation

Constellation
Copy link
Member

@Constellation Constellation commented Aug 4, 2023
edited by webkit-early-warning-system
Loading

41847fe

[JSC] IntrinsicGetter AccessCase should not use Equivalent condition
https://bugs.webkit.org/show_bug.cgi?id=259841
rdar://113416758

Reviewed by Keith Miller.

265594@main leveraged Equivalent condition in AccessCase, but this is wrong.
DFG cannot use Equivalent condition for AccessCase (see planLoad, ComplexGetByStatus etc.),
and breaking a key invariant / heuristics for DFG.

This patch reverts 265594@main and fixes the original issue in different way.
Instead of using Equivalent condition, we just check getter in AccessCase.

* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateImpl):
* Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp:
(JSC::generateConditionsForPrototypePropertyHit):
* Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.h:
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::tryCacheGetBy):

Canonical link: https://commits.webkit.org/266659@main

4d7f971

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  wincairo
βœ… πŸ›  ios-sim βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ wpe-wk2
βœ… πŸ§ͺ webkitperl βœ… πŸ§ͺ ios-wk2 βœ… πŸ§ͺ api-mac βœ… πŸ›  gtk
βœ… πŸ§ͺ ios-wk2-wpt βœ… πŸ§ͺ mac-wk1 βœ… πŸ§ͺ gtk-wk2
βœ… πŸ›  πŸ§ͺ jsc βœ… πŸ§ͺ api-ios βœ… πŸ§ͺ mac-wk2 βœ… πŸ§ͺ api-gtk
βœ… πŸ›  πŸ§ͺ jsc-arm64 βœ… πŸ›  tv βœ… πŸ§ͺ mac-AS-debug-wk2 βœ… πŸ›  jsc-armv7
βœ… πŸ›  tv-sim βœ… πŸ§ͺ jsc-armv7-tests
βœ… πŸ›  watch βœ… πŸ›  jsc-mips
βœ… πŸ›  πŸ§ͺ unsafe-merge βœ… πŸ›  watch-sim βœ… πŸ§ͺ jsc-mips-tests

@Constellation Constellation requested a review from a team as a code owner August 4, 2023 22:39
@Constellation Constellation self-assigned this Aug 4, 2023
@Constellation Constellation added the JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues. label Aug 4, 2023
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Aug 4, 2023
edited
Loading

EWS run on current version of this PR (hash 4d7f971)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  wincairo
βœ… πŸ›  ios-sim βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ wpe-wk2
βœ… πŸ§ͺ webkitperl βœ… πŸ§ͺ ios-wk2 βœ… πŸ§ͺ api-mac βœ… πŸ›  gtk
βœ… πŸ§ͺ ios-wk2-wpt βœ… πŸ§ͺ mac-wk1 βœ… πŸ§ͺ gtk-wk2
βœ… πŸ›  πŸ§ͺ jsc βœ… πŸ§ͺ api-ios βœ… πŸ§ͺ mac-wk2 βœ… πŸ§ͺ api-gtk
βœ… πŸ›  πŸ§ͺ jsc-arm64 βœ… πŸ›  tv βœ… πŸ§ͺ mac-AS-debug-wk2 βœ… πŸ›  jsc-armv7
βœ… πŸ›  tv-sim βœ… πŸ§ͺ jsc-armv7-tests
βœ… πŸ›  watch βœ… πŸ›  jsc-mips
βœ… πŸ›  πŸ§ͺ unsafe-merge βœ… πŸ›  watch-sim βœ… πŸ§ͺ jsc-mips-tests

kmiller68
kmiller68 approved these changes Aug 7, 2023
View reviewed changes
Copy link
Contributor

@kmiller68 kmiller68 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me

@Constellation Constellation added the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label Aug 7, 2023
@Constellation
[JSC] IntrinsicGetter AccessCase should not use Equivalent condition
41847fe 
https://bugs.webkit.org/show_bug.cgi?id=259841
rdar://113416758

Reviewed by Keith Miller.

265594@main leveraged Equivalent condition in AccessCase, but this is wrong.
DFG cannot use Equivalent condition for AccessCase (see planLoad, ComplexGetByStatus etc.),
and breaking a key invariant / heuristics for DFG.

This patch reverts 265594@main and fixes the original issue in different way.
Instead of using Equivalent condition, we just check getter in AccessCase.

* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateImpl):
* Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp:
(JSC::generateConditionsForPrototypePropertyHit):
* Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.h:
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::tryCacheGetBy):

Canonical link: https://commits.webkit.org/266659@main
@webkit-commit-queue webkit-commit-queue force-pushed the eng/JSC-IntrinsicGetter-AccessCase-should-not-use-Equivalent-condition branch from 4d7f971 to 41847fe Compare August 7, 2023 22:04
@webkit-commit-queue
Copy link
Collaborator

Committed 266659@main (41847fe): https://commits.webkit.org/266659@main

Reviewed commits have been landed. Closing PR #16409 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit 41847fe into WebKit:main Aug 7, 2023
@webkit-commit-queue webkit-commit-queue removed the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label Aug 7, 2023
@Constellation Constellation deleted the eng/JSC-IntrinsicGetter-AccessCase-should-not-use-Equivalent-condition branch August 7, 2023 22:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmiller68 kmiller68 kmiller68 approved these changes

Assignees

@Constellation Constellation

Labels
JavaScriptCore For bugs in JavaScriptCore, the JS engine used by WebKit, other than kxmlcore issues.
Projects
None yet
Milestone
No milestone
4 participants
@Constellation @webkit-early-warning-system @webkit-commit-queue @kmiller68