commit 5d09e3c33c88a5c5aa5c96741293c24ecfdc6776
author utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Tue Nov 21 10:07:50 2017 +0000
committer utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Tue Nov 21 10:07:50 2017 +0000
tree f07edb3bcd782f0ed1a850c8812b19e370094ade
parent 55387174850ea15c6033fc0d7a2945f4be6045c9

[JSC] Allow poly proto for intrinsic getters
https://bugs.webkit.org/show_bug.cgi?id=179550

Reviewed by Saam Barati.

JSTests:

This change is also tested by existing tests.

    1. stress/intrinsic-getter-with-poly-proto.js
    2. stress/poly-proto-intrinsic-getter-correctness.js

* stress/intrinsic-getter-with-poly-proto-getter-change.js: Added.
(shouldBe):
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
(target):
* stress/intrinsic-getter-with-poly-proto-proto-change.js: Added.
(shouldBe):
(makePolyProtoObject.foo.C):
(makePolyProtoObject.foo):
(makePolyProtoObject):
(target):

Source/JavaScriptCore:

This patch allows intrinsic getters to accept poly proto.
We propagate PolyProtoAccessChain in IntrinsicGetterAccessCase to perform
poly proto checks. And we extend UnderscoreProtoIntrinsic to emit
code for poly proto case.

* bytecode/IntrinsicGetterAccessCase.cpp:
(JSC::IntrinsicGetterAccessCase::IntrinsicGetterAccessCase):
(JSC::IntrinsicGetterAccessCase::create):
* bytecode/IntrinsicGetterAccessCase.h:
* jit/IntrinsicEmitter.cpp:
(JSC::IntrinsicGetterAccessCase::canEmitIntrinsicGetter):
(JSC::IntrinsicGetterAccessCase::emitIntrinsicGetter):
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@225071 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/jit/IntrinsicEmitter.cpp

diff --git a/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp b/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp
index 934e2db..8e8e98b 100644
--- a/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp
+++ b/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp
@@ -64,8 +64,6 @@
         return true;
     }
     case UnderscoreProtoIntrinsic: {
-        if (structure->hasPolyProto())
-            return false;
         auto getPrototypeMethod = structure->classInfo()->methodTable.getPrototype;
         MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
         return getPrototypeMethod == defaultGetPrototype;
@@ -133,8 +131,10 @@
     }
 
     case UnderscoreProtoIntrinsic: {
-        ASSERT(structure()->hasMonoProto());
-        jit.moveValue(structure()->storedPrototype(), valueRegs);
+        if (structure()->hasPolyProto())
+            jit.loadValue(CCallHelpers::Address(baseGPR, offsetRelativeToBase(knownPolyProtoOffset)), valueRegs);
+        else
+            jit.moveValue(structure()->storedPrototype(), valueRegs);
         state.succeed();
         return;
     }