Title: [233291] trunk/Source/JavaScriptCore
Revision: 233291
Author: [email protected]
Date: 2018-06-27 17:18:50 -0700 (Wed, 27 Jun 2018)

Log Message

Add some more register state information when we crash in repatchPutById
https://bugs.webkit.org/show_bug.cgi?id=187112

Reviewed by Mark Lam.

This will help us gather info when we end up seeing an ObjectPropertyConditionSet
with an offset that is different than what the put tells us.

* jit/Repatch.cpp:
(JSC::tryCachePutByID):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (233290 => 233291)


--- trunk/Source/_javascript_Core/ChangeLog	2018-06-28 00:15:17 UTC (rev 233290)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-06-28 00:18:50 UTC (rev 233291)
@@ -1,3 +1,16 @@
+2018-06-27  Saam Barati  <[email protected]>
+
+        Add some more register state information when we crash in repatchPutById
+        https://bugs.webkit.org/show_bug.cgi?id=187112
+
+        Reviewed by Mark Lam.
+
+        This will help us gather info when we end up seeing a ObjectPropertyConditionSet
+        with an offset that is different than what the put tells us.
+
+        * jit/Repatch.cpp:
+        (JSC::tryCachePutByID):
+
 2018-06-27  Mark Lam  <[email protected]>
 
         Fix a bug in $vm.callFrame() and apply previously requested renaming of $vm.println to print.
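
Review bot: the new entry lists (JSC::tryCachePutByID) with no per-function text, and the summary line names repatchPutById while the function touched is tryCachePutByID. Suggest adding a line under the function entry saying that the RELEASE_ASSERT on the offset is replaced by CRASH_WITH_INFO and which values it records, so someone triaging a crash report from this revision can tell from the ChangeLog alone what the captured values mean.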

Modified: trunk/Source/JavaScriptCore/jit/Repatch.cpp (233290 => 233291)


--- trunk/Source/_javascript_Core/jit/Repatch.cpp	2018-06-28 00:15:17 UTC (rev 233290)
+++ trunk/Source/_javascript_Core/jit/Repatch.cpp	2018-06-28 00:18:50 UTC (rev 233291)
@@ -573,7 +573,9 @@
                         if (!conditionSet.isValid())
                             return GiveUpOnCache;
 
-                        RELEASE_ASSERT(offset == conditionSet.slotBaseCondition().offset());
+                        PropertyOffset conditionSetOffset = conditionSet.slotBaseCondition().offset();
+                        if (UNLIKELY(offset != conditionSetOffset))
+                            CRASH_WITH_INFO(offset, conditionSetOffset, slot.base()->type(), baseCell->type(), conditionSet.size());
                     }
 
                 }
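
Review bot: the added CRASH_WITH_INFO call passes five values positionally (offset, conditionSetOffset, slot.base()->type(), baseCell->type(), conditionSet.size()) with no comment recording that order, so whoever reads the crash report has to come back to this exact revision to decode it. Suggest a one-line comment above the call listing the arguments in order. Keeping the mismatch fatal in release builds, as the removed RELEASE_ASSERT did, is the right call: unlike the `!conditionSet.isValid()` case just above, which returns GiveUpOnCache, a put offset that disagrees with the condition set should not be allowed to continue into caching. One thing to confirm is that the two type() calls, which now run only on the failure path, cannot themselves fault before the info is captured, since the visible lines do not show slot.base() or baseCell being checked.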