| Summary: | PutByVal and PutPrivateName ICs should emit a write barrier if a butterfly might be allocated |
|---|---|
| Product: | WebKit |
| Reporter: | Justin Michaud <justin_michaud> |
| Component: | JavaScriptCore |
| Assignee: | Justin Michaud <justin_michaud> |
| Status: | RESOLVED FIXED |
| Severity: | Normal |
| CC: | bfulgham, ews-feeder, ews-watchlist, keith_miller, mark.lam, msaboff, product-security, saam, tzagallo, webkit-bug-importer, ysuzuki |
| Priority: | P2 |
| Keywords: | InRadar |
| Version: | WebKit Nightly Build |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Bug Depends on: | |
| Bug Blocks: | 230377 |
Description
Justin Michaud
2021-09-16 15:39:26 PDT
Created attachment 438408 [details]
Patch
Comment on attachment 438408 [details]
Patch
r=me
Comment on attachment 438408 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=438408&action=review

> Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:241
> + considerBarrier(child1); // FIXME: there are some cases where we can avoid a store barrier by considering the value

Can you put the bug https://bugs.webkit.org/show_bug.cgi?id=230377 in the FIXME comment as well. Same below.

Created attachment 438413 [details]
Patch
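Review bot: The comment on the added `considerBarrier(child1);` line at Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:241 records only the possible future optimisation, not why the barrier is there. The bug summary gives the reason (the PutByVal and PutPrivateName ICs might allocate a butterfly); stating that next to the FIXME would help a later change that acts on the FIXME keep the barrier in the allocating case.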
Committed r282663 (241804@main): <https://commits.webkit.org/241804@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 438413 [details].