Bug 215720 - Replace IC on Proxy must write barrier Proxy's target
Summary: Replace IC on Proxy must write barrier Proxy's target
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-08-20 17:35 PDT by Saam Barati
Modified: 2020-08-20 20:51 PDT (History)
7 users (show)

See Also:

Attachments
patch (4.97 KB, patch)
2020-08-20 17:44 PDT, Saam Barati 		ysuzuki: review+
Details | Formatted Diff | Diff
patch for landing (5.43 KB, patch)
2020-08-20 18:41 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2020-08-20 17:35:43 PDT 
...
Comment 1 Saam Barati 2020-08-20 17:44:57 PDT 
Created attachment 406986 [details]
patch

I'm going to keep trying to write a test, but I've spent an hour on it with no success.
Comment 2 Yusuke Suzuki 2020-08-20 18:03:04 PDT 
Comment on attachment 406986 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=406986&action=review

Nice, r=me

> Source/JavaScriptCore/bytecode/AccessCase.cpp:1798
> +            jit.loadPtr(CCallHelpers::Address(baseGPR, JSProxy::targetOffset()), scratchGPR);
> +            auto spillState = state.preserveLiveRegistersToStackForCallWithoutExceptions();
> +            jit.setupArguments<decltype(operationWriteBarrierSlowPath)>(CCallHelpers::TrustedImmPtr(&vm), scratchGPR);
> +            jit.prepareCallOperation(vm);
> +            auto operationCall = jit.call(OperationPtrTag);
> +            jit.addLinkTask([=] (LinkBuffer& linkBuffer) {
> +                linkBuffer.link(operationCall, FunctionPtr<OperationPtrTag>(operationWriteBarrierSlowPath));
> +            });
> +            state.restoreLiveRegistersFromStackForCall(spillState);
> +

Can you check whether AccessCase::doesCalls change is necessary?
Comment 3 Saam Barati 2020-08-20 18:41:42 PDT 
Created attachment 406996 [details]
patch for landing
Comment 4 EWS 2020-08-20 20:50:43 PDT 
Committed r265997: <https://trac.webkit.org/changeset/265997>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 406996 [details].
Comment 5 Radar WebKit Bug Importer 2020-08-20 20:51:15 PDT 
<rdar://problem/67527868>