Title: [92934] branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog
Diff
Modified: branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog (92933 => 92934)
--- branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog 2011-08-12 05:57:16 UTC (rev 92933)
+++ branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog 2011-08-12 05:58:45 UTC (rev 92934)
@@ -1,3 +1,25 @@
+2011-08-11 Lucas Forschler <[email protected]>
+
+ Merged 91728
+
+ 2011-07-25 Filip Pizlo <[email protected]>
+
+ DFG JIT bytecode parser misuses pointers into objects allocated as part of a
+ WTF::Vector.
+ https://bugs.webkit.org/show_bug.cgi?id=65128
+
+ Reviewed by Gavin Barraclough.
+
+ The bytecode parser code seems to be right to have a DFGNode& phiNode reference
+ into the graph, since this makes the code greatly more readable. This patch
+ thus makes the minimal change necessary to make the code right: it uses a
+ pointer (to disambiguate between reloading the pointer and performing a
+ copy from one location of the vector to another) and reloads it after the
+ calls to addToGraph().
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+
2011-08-10 Gavin Barraclough <[email protected]>
Reviewed by nobody.
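Review bot: The description paragraph of the "Merged 91728" entry says the parser "misuses pointers" into a WTF::Vector and that the fix reloads the pointer "after the calls to addToGraph()", but it never states the invariant that makes the reload necessary. The wording implies that addToGraph() can invalidate a pointer or reference into the vector backing the graph; saying so in one sentence would let a reader of the branch ChangeLog judge the memory-safety impact without opening bug 65128. The entry also describes a fix that depends on convention: every call to addToGraph() in processPhiStack must be followed by a reload of phiNode, and nothing in the entry says how that is enforced. Consider noting whether a comment at the reload sites or an index into the vector (instead of a held pointer) was considered, and whether a regression test accompanies the change, since none is listed under the modified files.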
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes