Title: [233893] trunk/Source/_javascript_Core
- Revision
- 233893
- Author
- [email protected]
- Date
- 2018-07-17 13:20:21 -0700 (Tue, 17 Jul 2018)
Log Message
CodeBlock::baselineVersion() should account for executables with purged codeBlocks.
https://bugs.webkit.org/show_bug.cgi?id=187736
<rdar://problem/42114371>
Reviewed by Michael Saboff.
CodeBlock::baselineVersion() currently checks for a null replacement but does not
account for the fact that the replacement can also be null due to the
executable having been purged of its codeBlocks due to a memory event (see
ExecutableBase::clearCode()). This patch adds code to account for this.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::baselineVersion):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (233892 => 233893)
--- trunk/Source/_javascript_Core/ChangeLog 2018-07-17 18:54:05 UTC (rev 233892)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-07-17 20:20:21 UTC (rev 233893)
@@ -1,3 +1,19 @@
+2018-07-17 Mark Lam <[email protected]>
+
+ CodeBlock::baselineVersion() should account for executables with purged codeBlocks.
+ https://bugs.webkit.org/show_bug.cgi?id=187736
+ <rdar://problem/42114371>
+
+ Reviewed by Michael Saboff.
+
+ CodeBlock::baselineVersion() currently checks for a null replacement but does not
+ account for the fact that that the replacement can also be null due to the
+ executable having being purged of its codeBlocks due to a memory event (see
+ ExecutableBase::clearCode()). This patch adds code to account for this.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::baselineVersion):
+
2018-07-16 Yusuke Suzuki <[email protected]>
[JSC] UnlinkedCodeBlock::shrinkToFit miss m_constantIdentifierSets
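Review bot: the description paragraph in the new ChangeLog entry carries two typos that will be preserved in the repository history: "the fact that that the replacement" should read "the fact that the replacement", and "having being purged" should read "having been purged". Worth fixing before landing since the same text is the commit's log message.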
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (233892 => 233893)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-07-17 18:54:05 UTC (rev 233892)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-07-17 20:20:21 UTC (rev 233893)
@@ -1637,16 +1637,26 @@
CodeBlock* CodeBlock::baselineVersion()
{
#if ENABLE(JIT)
- if (JITCode::isBaselineCode(jitType()))
+ JITCode::JITType selfJITType = jitType();
+ if (JITCode::isBaselineCode(selfJITType))
return this;
CodeBlock* result = replacement();
if (!result) {
- // This can happen if we're creating the original CodeBlock for an executable.
- // Assume that we're the baseline CodeBlock.
- RELEASE_ASSERT(jitType() == JITCode::None);
- return this;
+ if (JITCode::isOptimizingJIT(selfJITType)) {
+ // The replacement can be null if we've had a memory clean up and the executable
+ // has been purged of its codeBlocks (see ExecutableBase::clearCode()). Regardless,
+ // the current codeBlock is still live on the stack, and as an optimizing JIT
+ // codeBlock, it will keep its baselineAlternative() alive for us to fetch below.
+ result = this;
+ } else {
+ // This can happen if we're creating the original CodeBlock for an executable.
+ // Assume that we're the baseline CodeBlock.
+ RELEASE_ASSERT(selfJITType == JITCode::None);
+ return this;
+ }
}
result = result->baselineAlternative();
+ ASSERT(result);
return result;
#else
return this;
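Review bot: the new `ASSERT(result)` after `result = result->baselineAlternative();` is a debug-only check, while the sibling branch in the same function guards its invariant with `RELEASE_ASSERT(selfJITType == JITCode::None)`. The new optimizing-JIT branch relies on the comment's claim that a live optimizing codeBlock "will keep its baselineAlternative() alive", and callers of `baselineVersion()` dereference the returned pointer; if that invariant is ever violated after a `clearCode()` purge, release builds would proceed with a null CodeBlock rather than fail fast. Consider making this a `RELEASE_ASSERT(result)` for consistency with the other branch, or stating in the comment why a debug-only assertion is sufficient here.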