Bug 114068

Summary: tryCacheGetByID sets StructureStubInfo accessType to an incorrect value
Product: WebKit Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCoreAssignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch ggaren: review+, mhahnenberg: commit-queue+

Description Mark Hahnenberg 2013-04-05 15:21:24 PDT 
In the case where we have a non-Value cacheable property, we set the StructureStubInfo accessType to get_by_id_self, but then we don't patch self and instead patch in a get_by_id_self_fail. This leads to incorrect profiling data so when the DFG compiles the function, it uses a GetByOffset rather than a GetById, which leads to loading a GetterSetter directly out of an object.
Comment 1 Mark Hahnenberg 2013-04-05 15:54:19 PDT 
<rdar://problem/13386525>
Comment 2 Mark Hahnenberg 2013-04-05 15:56:43 PDT 
Created attachment 196694 [details]
Patch
Comment 3 Geoffrey Garen 2013-04-05 15:57:41 PDT 
Comment on attachment 196694 [details]
Patch

Layout test!
Comment 4 Mark Hahnenberg 2013-04-05 15:57:59 PDT 
(In reply to comment #3)
> (From update of attachment 196694 [details])
> Layout test!

Working on it :-(
Comment 5 Mark Hahnenberg 2013-04-05 16:31:24 PDT 
Created attachment 196696 [details]
Patch
Comment 6 Geoffrey Garen 2013-04-05 16:43:23 PDT 
Comment on attachment 196696 [details]
Patch

r=me
Comment 7 Mark Hahnenberg 2013-04-05 16:49:44 PDT 
Grr, forgot the commit queue was run by Google...now I can't un-cq+. Oh well!
Comment 8 Mark Hahnenberg 2013-04-05 16:50:48 PDT 
Committed r147816: <http://trac.webkit.org/changeset/147816>