Bug 114068 - tryCacheGetByID sets StructureStubInfo accessType to an incorrect value
Summary: tryCacheGetByID sets StructureStubInfo accessType to an incorrect value
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Hahnenberg
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-05 15:21 PDT by Mark Hahnenberg
Modified: 2013-04-05 16:50 PDT (History)
0 users

See Also:

Attachments
Patch (2.94 KB, patch)
2013-04-05 15:56 PDT, Mark Hahnenberg 		no flags Details | Formatted Diff | Diff
Patch (12.60 KB, patch)
2013-04-05 16:31 PDT, Mark Hahnenberg 		ggaren: review+
mhahnenberg: commit-queue+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Hahnenberg 2013-04-05 15:21:24 PDT 
In the case where we have a non-Value cacheable property, we set the StructureStubInfo accessType to get_by_id_self, but then we don't patch self and instead patch in a get_by_id_self_fail. This leads to incorrect profiling data so when the DFG compiles the function, it uses a GetByOffset rather than a GetById, which leads to loading a GetterSetter directly out of an object.
Comment 1 Mark Hahnenberg 2013-04-05 15:54:19 PDT 
<rdar://problem/13386525>
Comment 2 Mark Hahnenberg 2013-04-05 15:56:43 PDT 
Created attachment 196694 [details]
Patch
Comment 3 Geoffrey Garen 2013-04-05 15:57:41 PDT 
Comment on attachment 196694 [details]
Patch

Layout test!
Comment 4 Mark Hahnenberg 2013-04-05 15:57:59 PDT 
(In reply to comment #3)
> (From update of attachment 196694 [details])
> Layout test!

Working on it :-(
Comment 5 Mark Hahnenberg 2013-04-05 16:31:24 PDT 
Created attachment 196696 [details]
Patch
Comment 6 Geoffrey Garen 2013-04-05 16:43:23 PDT 
Comment on attachment 196696 [details]
Patch

r=me
Comment 7 Mark Hahnenberg 2013-04-05 16:49:44 PDT 
Grr, forgot the commit queue was run by Google...now I can't un-cq+. Oh well!
Comment 8 Mark Hahnenberg 2013-04-05 16:50:48 PDT 
Committed r147816: <http://trac.webkit.org/changeset/147816>