Bug 158291

Summary: canOptimizeStringObjectAccess should use ObjectPropertyConditions rather than structure watchpoints
Product: WebKit Reporter: Keith Miller <keith_miller>
Component: New BugsAssignee: Keith Miller <keith_miller>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, mark.lam, msaboff, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch for landing none

Keith Miller
Reported 2016-06-01 18:09:13 PDT
canOptimizeStringObjectAccess should use ObjectPropertyConditions rather than structure watchpoints
Attachments
Patch (12.37 KB, patch)
2016-06-01 19:11 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch for landing (12.38 KB, patch)
2016-06-01 19:36 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Keith Miller
Comment 1 2016-06-01 19:11:25 PDT
Created attachment 280294 [details] Patch
Keith Miller
Comment 2 2016-06-01 19:17:47 PDT
Comment on attachment 280294 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=280294&action=review > Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp:65 > + return (numberOfConditionsWithKind(PropertyCondition::Presence) ^ numberOfConditionsWithKind(PropertyCondition::Equivalence)) == 1; Whoops, this should be (numberOfConditionsWithKind(PropertyCondition::Presence) == 1) != (numberOfConditionsWithKind(PropertyCondition::Equivalence) == 1). I'll fix before landing.
Keith Miller
Comment 3 2016-06-01 19:36:22 PDT
Created attachment 280296 [details] Patch for landing
WebKit Commit Bot
Comment 4 2016-06-01 20:16:57 PDT
Comment on attachment 280296 [details] Patch for landing Clearing flags on attachment: 280296 Committed r201584: <http://trac.webkit.org/changeset/201584>
WebKit Commit Bot
Comment 5 2016-06-01 20:17:01 PDT
All reviewed patches have been landed. Closing bug.
Filip Pizlo
Comment 6 2016-06-01 21:24:02 PDT
Comment on attachment 280296 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=280296&action=review Can you do a follow-up fix to clean up the API? > Source/JavaScriptCore/bytecode/ObjectPropertyCondition.cpp:52 > - return m_condition.isStillValidAssumingImpurePropertyWatchpoint(structure); > + return m_condition.isStillValidAssumingImpurePropertyWatchpoint(structure, m_object); This part is wrong. The documentation for structureEnsuresValidityAssumingImpurePropertyWatchpoint() says: // Checks if the object's structure claims that the property won't be intercepted. Validity // does not require watchpoints on the object. Passing a non-null object to PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint() means that it will return true in cases where we actually need to set watchpoints on the object. It may be that nobody calls isStillValidAssumingImpurePropertyWatchpoint() this way, but that's a super crazy assumption since the DFG assumes this meaning for structureEnsuresValidity(), which is supposed to only differ from structureEnsuresValidityAssumingImpurePropertyWatchpoint() in how it handles the impure property watchpoint thing. So, this patch maybe causes a correctness bug somewhere (maybe not), but definitely makes the API inconsistent. I don't think we want that. Can you add a new method instead? I guess it should be called ObjectPropertyCondition::isStillValidAssumingImpurePropertyWatchpoint()
Note You need to log in before you can comment on or make changes to this bug.