put_to_scope/get_from_scope should not cache lexical scopes when expecting a global object
Created attachment 333214 Patch
Comment on attachment 333214 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333214&action=review

> Source/JavaScriptCore/jit/JITPropertyAccess.cpp:861
> + emitLoadWithStructureCheck(scope, structureSlot); // Structure check covers var injection since we don't cache structures for anything but the GlobalObject.

Also: this should say that resolve_scope does the check for var injection firing.
<rdar://problem/36189995>
Comment on attachment 333214 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333214&action=review

> Source/JavaScriptCore/ChangeLog:12
> + in the DFG, does not follow this same assumption so we could

no comma needed

> Source/JavaScriptCore/ChangeLog:17
> + GlobalPropertyWithVarInjectionChecks.

or GlobalProperty
Comment on attachment 333214 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333214&action=review

>> Source/JavaScriptCore/ChangeLog:12
>> + in the DFG, does not follow this same assumption so we could
>
> no comma needed

Fixed.

>> Source/JavaScriptCore/ChangeLog:17
>> + GlobalPropertyWithVarInjectionChecks.
>
> or GlobalProperty

I don't think that was possible before? I can update the sentence though.

>> Source/JavaScriptCore/jit/JITPropertyAccess.cpp:861
>> + emitLoadWithStructureCheck(scope, structureSlot); // Structure check covers var injection since we don't cache structures for anything but the GlobalObject.
>
> Also: this should say that resolve_scope does the check for var injection firing.

Fixed.
Committed r228193: <https://trac.webkit.org/changeset/228193>
Comment on attachment 333214 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333214&action=review

> Source/JavaScriptCore/runtime/Options.h:253
> + v(bool, enableJITDebugAssetions, !ASSERT_DISABLED, Normal, nullptr) \

Typo enableJITDebugAssetions
(In reply to JF Bastien from comment #7)
> Comment on attachment 333214
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=333214&action=review
>
> > Source/JavaScriptCore/runtime/Options.h:253
> > + v(bool, enableJITDebugAssetions, !ASSERT_DISABLED, Normal, nullptr) \
>
> Typo enableJITDebugAssetions

https://bugs.webkit.org/show_bug.cgi?id=184001