Title: [94623] trunk/Source/JavaScriptCore
- Revision
- 94623
- Author
- [email protected]
- Date
- 2011-09-06 19:05:02 -0700 (Tue, 06 Sep 2011)
Log Message
Accessibility tests crashing in BasicRawSentinelNode code
https://bugs.webkit.org/show_bug.cgi?id=67682
Reviewed by Geoffrey Garen.
A CodeBlock should ensure that no other CodeBlocks have references to it after
it is destroyed.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (94622 => 94623)
--- trunk/Source/_javascript_Core/ChangeLog 2011-09-07 02:00:16 UTC (rev 94622)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-09-07 02:05:02 UTC (rev 94623)
@@ -1,3 +1,16 @@
+2011-09-06 Filip Pizlo <[email protected]>
+
+ Accessibility tests crashing in BasicRawSentinelNode code
+ https://bugs.webkit.org/show_bug.cgi?id=67682
+
+ Reviewed by Geoffrey Garen.
+
+ A CodeBlock should ensure that no other CodeBlocks have references to it after
+ it is destroyed.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+
2011-09-06 Yong Li <[email protected]>
https://bugs.webkit.org/show_bug.cgi?id=67486
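Review bot: The ChangeLog entry for (JSC::CodeBlock::~CodeBlock) states the invariant ("no other CodeBlocks have references to it after it is destroyed") but not what the destructor now does to uphold it, namely unlinking every node left in m_incomingCalls before the CodeBlock goes away; one sentence saying so, plus a mention of the accessibility tests from the bug title that exercised the crash, would let a reader understand the fix without opening the diff.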
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (94622 => 94623)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2011-09-07 02:00:16 UTC (rev 94622)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2011-09-07 02:05:02 UTC (rev 94623)
@@ -1448,9 +1448,14 @@
}
#endif
- // We should not be garbage collected if there are incoming calls. But
- // if this is called during heap destruction, then there may still be
- // incoming calls, which is harmless.
+ // We may be destroyed before any CodeBlocks that refer to us are destroyed.
+ // Consider that two CodeBlocks become unreachable at the same time. There
+ // is no guarantee about the order in which the CodeBlocks are destroyed.
+ // So, if we don't remove incoming calls, and get destroyed before the
+ // CodeBlock(s) that have calls into us, then the CallLinkInfo vector's
+ // destructor will try to remove nodes from our (no longer valid) linked list.
+ while (m_incomingCalls.begin() != m_incomingCalls.end())
+ m_incomingCalls.begin()->remove();
// Note that our outgoing calls will be removed from other CodeBlocks'
// m_incomingCalls linked lists through the execution of the ~CallLinkInfo
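Review bot: The loop `while (m_incomingCalls.begin() != m_incomingCalls.end()) m_incomingCalls.begin()->remove();` terminates only if remove() unlinks the node from m_incomingCalls in place so that begin() advances on every iteration; that contract is not stated here, and either a comment or an assertion that the list is empty after the loop would make it explicit and catch a future change to remove(). The deleted comment also covered the heap-destruction case ("there may still be incoming calls, which is harmless"), and the replacement does not say why unlinking is still safe then; since the surviving note below the hunk explains that a destroyed caller removes its own nodes through ~CallLinkInfo, it is worth stating that the nodes remaining in our list therefore belong only to callers that are still alive. Finally, unlinking the node stops the caller's CallLinkInfo destructor from walking into our freed list, but whatever pointer that CallLinkInfo keeps to this CodeBlock still exists on the caller side; the comment should say whether that pointer is cleared as part of remove() or is simply never dereferenced once the node is gone.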
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes