commit 687ce629c94ecfa742d8cf7031216124a7dc64ad
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri May 11 21:16:05 2018 +0000
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri May 11 21:16:05 2018 +0000
tree a2d90a4f95db422a70c83f815de3a2c6c97eb9b4
parent 48679eb30013d73dd3533576e598110693e24f40

Unreviewed, rolling out r231316 and r231332.
https://bugs.webkit.org/show_bug.cgi?id=185564

Appears to be a Speedometer2/MotionMark regression (Requested
by keith_miller on #webkit).

Reverted changesets:

"Remove the prototype caching for get_by_id in the LLInt"
https://bugs.webkit.org/show_bug.cgi?id=185226
https://trac.webkit.org/changeset/231316

"Unreviewed, fix 32-bit profile offset for change in bytecode"
https://trac.webkit.org/changeset/231332

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@231719 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/bytecode/CodeBlock.cpp

diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index d111de0..8f1a4bd 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -65,6 +65,7 @@
 #include "JSTemplateObjectDescriptor.h"
 #include "LLIntData.h"
 #include "LLIntEntrypoint.h"
+#include "LLIntPrototypeLoadAdaptiveStructureWatchpoint.h"
 #include "LowLevelInterpreter.h"
 #include "ModuleProgramCodeBlock.h"
 #include "ObjectAllocationProfileInlines.h"
@@ -1250,7 +1251,9 @@
     for (size_t size = propertyAccessInstructions.size(), i = 0; i < size; ++i) {
         Instruction* curInstruction = &instructions()[propertyAccessInstructions[i]];
         switch (Interpreter::getOpcodeID(curInstruction[0])) {
-        case op_get_by_id: {
+        case op_get_by_id:
+        case op_get_by_id_proto_load:
+        case op_get_by_id_unset: {
             StructureID oldStructureID = curInstruction[4].u.structureID;
             if (!oldStructureID || Heap::isMarked(vm.heap.structureIDTable().get(oldStructureID)))
                 break;
@@ -1344,6 +1347,12 @@
         }
     }
 
+    // We can't just remove all the sets when we clear the caches since we might have created a watchpoint set
+    // then cleared the cache without GCing in between.
+    m_llintGetByIdWatchpointMap.removeIf([](const StructureWatchpointMap::KeyValuePairType& pair) -> bool {
+        return !Heap::isMarked(pair.key);
+    });
+
     for (unsigned i = 0; i < m_llintCallLinkInfos.size(); ++i) {
         if (m_llintCallLinkInfos[i].isLinked() && !Heap::isMarked(m_llintCallLinkInfos[i].callee.get())) {
             if (Options::verboseOSR())