Summary: | AI should not set the structure for ObjectCreate | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Justin Michaud <justin_michaud> | ||||||||||
Component: | JavaScriptCore | Assignee: | Justin Michaud <justin_michaud> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | Normal | CC: | ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki | ||||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||||
Version: | Safari 15 | ||||||||||||
Hardware: | Unspecified | ||||||||||||
OS: | Unspecified | ||||||||||||
Attachments: |
|
Description
Justin Michaud
2022-03-24 14:51:36 PDT
Created attachment 455689 [details]
Patch
Comment on attachment 455689 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455689&action=review > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:-3147 > - setForNode(node, structure); We should continue setting a structure for nullPrototypeObjectStructure. Comment on attachment 455689 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455689&action=review > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:3138 > break; You can’t break here. You need the below code to run and set our type. I also suggest reworking this patch to never even bother looking up a structure and just always mark things as shoyldTryCobstantFolding or instead to keep the code as it used to be Created attachment 455790 [details]
Patch
Why not moving StructureCache from VM to JSGlobalObject? This cache is used for objects' structures. Thus each structure has its tied JSGlobalObject. Comment on attachment 455790 [details]
Patch
We're discussing on slack a better approach
Created attachment 455795 [details]
Patch
Comment on attachment 455795 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455795&action=review > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:3131 > - didFoldClobberWorld(); > + clobberWorld(); this shouldn't change. Created attachment 455796 [details]
[fast-cq] Patch
Comment on attachment 455796 [details]
[fast-cq] Patch
r=me
r=me too. Patch landed in r291891: <http://trac.webkit.org/r291891>. |