JSC: inline allocation for Promise.resolve(non-thenable)
b1a6241
+function resolveObject(o) { return Promise.resolve(o); }
+noInline(resolveObject);
+// Watchpoint-invalidation scenario:
+function Proto() { }
+function resolveProto(o) { return Promise.resolve(o); }
+// Later: Proto.prototype.then = async function() { ... }
ConstantFoldingPhase uses condition-set watchpoints to prove an object's prototype chain has no then property, making it a non-thenable. Previously, when proven, it still emitted NewResolvedPromise with a clobberTop() C-call to operationNewResolvedPromise, defeating the optimization potential. This commit threads an isResolvedValueKnownNonThenable flag through the node so proven-object arguments produce inline allocation; clobberize narrows from clobberTop() to HeapObjectCount, and the abstract interpreter propagates a sharper inferred type.
Significance
The clobberize change from clobberTop() to HeapObjectCount is a significant alias-analysis loosening that lets store elimination, LICM, and GVN reason past the node — but it depends on the inline allocation truly having no side effects beyond allocation.
Audit directions
a Aaaaaaaaaaaaaaaa Aaaa Aa Aaaaaaaaaa Aaaaaaaaaaaaaaa Aaa Aaaa Aa Aaaaa Aaaa Aaaaaaaa Aaaa Aaaaa Aa a Aaaaaaaaaaaaaaaaaa Aaaaaaaaaaa Aa Aaaaaaaaaaaaaaa Aaaaaaaa Aaaaa Aaa Aaaaaaaaaa Aaaaa Aaaaaaaaaaaaaaaaaaaaaa Aaaa Aaa Aaaa Aaa Aaaaaa Aaaaaaaaaaaaaa Aaaaa Aaaaa Aaaaaaa Aaa Aaaaaa Aaaaaaaaaa Aaaa Aaaa Aaaaaaa Aaaaaaaaa Aaaaaaaaaaaaa a a Aaaaaaa Aaa Aaaaaaaaaaaaaa Aaaaa
a Aaaaaaaaaaaa Aaaaaaaaa Aaaaaaaaaaaa Aa Aaa Aaaa Aaaa Aaaa Aaa Aaaaaa Aaaaaaaaaa Aaaa Aa Aaaa Aaaa Aaaaaaaa Aaaa a Aaaaaaaaaa Aaaaa a Aaaa Aaaaaaaaaaa Aaa Aaa Aaaaaaaa Aa Aaaaa Aaa Aaaaa Aaaaaaa Aaaaaaaaa Aaaaaaaaaaaaaa
a Aaaaaaaaaa Aaaaaaaaaaa Aaaa Aaaaaaaaaaaaaa a Aaaaaaaaa Aaaaaaaa Aaaa Aaa Aaaaaaa Aaaaaaaaaa Aaaaaa Aaaaaaaaa Aaaaaaaaaaa Aaaa Aaaaa Aaaa Aaaaaaaaaaaa Aaaaaaaaa Aa Aaa Aaaaa Aaaaaaa a Aaa Aaaaaaaaaaaaaa Aaaa Aaaaaaaaaa Aaaaaaaaa Aaa Aaaaaaaaaaaaaaaaaaaaaaa Aaaaaaaa Aaaa Aaaaaaaaaaaa Aaaaaaaa Aaaaaaaaaaa Aaa Aaaa Aa Aa Aaa Aaaaaaaaaaaaa
🔒The watchpoint-guarded flag and the loosened alias modeling both create edge cases at JIT deopt boundaries worth examining closely.
더 확인하려면 구독해 주세요