RESOLVED FIXED 132721
JSDOMWindow should have a WatchpointSet to fire on window close 
https://bugs.webkit.org/show_bug.cgi?id=132721
Summary JSDOMWindow should have a WatchpointSet to fire on window close
Mark Hahnenberg
Reported 2014-05-08 18:00:41 PDT
This would allow us to reset the inline caches that assumed that they could skip the first part of JSDOMWindow::getOwnPropertySlot.
Attachments
Patch (11.10 KB, patch)
2014-05-08 18:24 PDT, Mark Hahnenberg 		no flags
DetailsFormatted DiffDiff
Patch (11.11 KB, patch)
2014-05-08 19:09 PDT, Mark Hahnenberg 		no flags
DetailsFormatted DiffDiff
Patch (13.79 KB, patch)
2014-05-09 11:49 PDT, Mark Hahnenberg 		no flags
DetailsFormatted DiffDiff
Patch (13.83 KB, patch)
2014-05-09 12:19 PDT, Mark Hahnenberg 		fpizlo: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2014-05-08 18:24:15 PDT
Created attachment 231119 [details] Patch
Mark Hahnenberg
Comment 2 2014-05-08 19:06:23 PDT
Comment on attachment 231119 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=231119&action=review > Source/WebCore/bindings/js/JSDOMWindowBase.cpp:280 > + return; continue; > Source/WebCore/bindings/js/JSDOMWindowBase.cpp:283 > + return; continue;
Mark Hahnenberg
Comment 3 2014-05-08 19:09:12 PDT
Created attachment 231121 [details] Patch
Geoffrey Garen
Comment 4 2014-05-09 00:03:24 PDT
Comment on attachment 231121 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=231121&action=review r=me > Source/JavaScriptCore/jit/Repatch.cpp:334 > + if (watchpointSet) > + watchpointSet->add(stubInfo.addWatchpoint(codeBlock)); > + Is this really the only place we'll ever specialize a window object property access? Is there some kind of struct flag to guarantee that? For example, what prevents the DFG from fully inlining the property access? > Source/WebCore/bindings/js/JSDOMWindowBase.cpp:275 > + clientData->getAllWorlds(wrapperWorlds); If DOMWindow were ScriptWrappable, you would need a special case to clear its inline wrapper. But it isn't. So yay!
Mark Hahnenberg
Comment 5 2014-05-09 11:22:45 PDT
(In reply to comment #4) > (From update of attachment 231121 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=231121&action=review > > r=me > > > Source/JavaScriptCore/jit/Repatch.cpp:334 > > + if (watchpointSet) > > + watchpointSet->add(stubInfo.addWatchpoint(codeBlock)); > > + > > Is this really the only place we'll ever specialize a window object property access? Is there some kind of struct flag to guarantee that? For example, what prevents the DFG from fully inlining the property access? Now that you mention it, the DFG definitely needs to know about this. This will require more infrastructure, so I'll post a new patch.
Mark Hahnenberg
Comment 6 2014-05-09 11:49:35 PDT
Created attachment 231172 [details] Patch
Mark Hahnenberg
Comment 7 2014-05-09 12:19:08 PDT
Created attachment 231177 [details] Patch
Filip Pizlo
Comment 8 2014-05-09 12:52:57 PDT
Comment on attachment 231177 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=231177&action=review > Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h:84 > bool doesCalls() const { return type() == Getter || type() == CustomGetter; } > + bool isWatched() const { return type() == WatchedStub; } Add an isSimple() and assert that instead of the places where we currently assert !doesCalls().
Mark Hahnenberg
Comment 9 2014-05-09 13:26:48 PDT
Committed r168548: <http://trac.webkit.org/changeset/168548>
Note You need to log in before you can comment on or make changes to this bug.