RESOLVED FIXED 186602
[JSC] Remove cellLock in JSObject::convertContiguousToArrayStorage 
https://bugs.webkit.org/show_bug.cgi?id=186602
Summary [JSC] Remove cellLock in JSObject::convertContiguousToArrayStorage
Yusuke Suzuki
Reported 2018-06-13 11:17:07 PDT
Let’s consider whether it is safe, prove it’s safety, and remove it if we can!
Attachments
Patch (9.48 KB, patch)
2018-06-14 03:15 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (9.48 KB, patch)
2018-06-14 04:35 PDT, Yusuke Suzuki 		saam: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2018-06-14 03:15:41 PDT
Created attachment 342729 [details] Patch
Yusuke Suzuki
Comment 2 2018-06-14 04:35:15 PDT
Created attachment 342731 [details] Patch
Saam Barati
Comment 3 2018-06-14 10:46:01 PDT
Comment on attachment 342731 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342731&action=review r=me > Source/JavaScriptCore/runtime/JSObject.cpp:1350 > + // Our following operations are sequentially executed by using storeStoreFence. Our following => The mutator performs the following > Source/JavaScriptCore/runtime/JSObject.cpp:1402 > + WTF::storeStoreFence(); You only need this for mutatorShouldBeFenced, right?
Yusuke Suzuki
Comment 4 2018-06-16 09:38:59 PDT
Comment on attachment 342731 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342731&action=review >> Source/JavaScriptCore/runtime/JSObject.cpp:1402 >> + WTF::storeStoreFence(); > > You only need this for mutatorShouldBeFenced, right? Yeah, we can guard this with it.
Yusuke Suzuki
Comment 5 2018-07-20 14:14:19 PDT
Committed r234065: <https://trac.webkit.org/changeset/234065>
Radar WebKit Bug Importer
Comment 6 2018-07-20 14:15:21 PDT
<rdar://problem/42444258>
Note You need to log in before you can comment on or make changes to this bug.