-
oliver@apple.com authored
fourthTier: CFA should defend against results seeming inconsistent due to a watchpoint firing during compilation https://bugs.webkit.org/show_bug.cgi?id=115083 Reviewed by Geoffrey Garen. This ruggedizes our racyness with respect to watchpoints. We want to be able to assert, in some places, that a watchpoint-based optimization has only occurred if the watchpoint set was still valid. But currently we *can* soundly do watchpoint-based optimizations even for invalid watchpoints, so long as we recorded in the IR that we had done so; this will then lead to the code being insta-jettisoned after compilation completes. Obviously, we don't want this to happen often - but we do want to allow it precisely in the case of watchpoint races. This adds the ability to assert that we hadn't over-watchpointed ourselves, with and exemption for races. * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects): * dfg/DFGAbstractValue.cpp: (JSC::DFG::AbstractValue::setFuturePossibleStructure): (JSC::DFG::AbstractValue::filterFuturePossibleStructure): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::addStructureTransitionCheck): (JSC::DFG::ByteCodeParser::parseResolveOperations): (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck): * dfg/DFGDesiredWatchpoints.h: (GenericDesiredWatchpoints): (JSC::DFG::GenericDesiredWatchpoints::isStillValid): (JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState): (JSC::DFG::GenericDesiredWatchpoints::isValidOrMixed): (JSC::DFG::DesiredWatchpoints::isStillValid): (JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState): (JSC::DFG::DesiredWatchpoints::isValidOrMixed): (DesiredWatchpoints): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess): * dfg/DFGGraph.h: (JSC::DFG::Graph::masqueradesAsUndefinedWatchpointIsStillValid): (Graph): * dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::link): (JSC::DFG::JITCompiler::compile): (JSC::DFG::JITCompiler::compileFunction): * dfg/DFGJITCompiler.h: (JSC::DFG::JITCompiler::addLazily): (JITCompiler): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): * dfg/DFGSpeculativeJIT.h: (SpeculativeJIT): (JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid): (JSC::DFG::SpeculativeJIT::speculationWatchpointForMasqueradesAsUndefined): (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): (JSC::DFG::SpeculativeJIT::compileObjectEquality): (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): (JSC::DFG::SpeculativeJIT::compileObjectEquality): (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): (JSC::DFG::SpeculativeJIT::compile): * ftl/FTLCompile.cpp: (JSC::FTL::compile): * ftl/FTLState.h: (State): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153130 268f45cc-cd09-0410-ab3c-d52691b4dbfc
67e0f33a