Title: [237734] trunk/Source/_javascript_Core
- Revision
- 237734
- Author
- [email protected]
- Date
- 2018-11-02 08:46:57 -0700 (Fri, 02 Nov 2018)
Log Message
Metadata should not be copyable
https://bugs.webkit.org/show_bug.cgi?id=191193
Reviewed by Keith Miller.
We should only ever hold references to the entry in the metadata table.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeLLIntInlineCaches):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* generator/Metadata.rb:
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (237733 => 237734)
--- trunk/Source/_javascript_Core/ChangeLog 2018-11-02 15:41:19 UTC (rev 237733)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-11-02 15:46:57 UTC (rev 237734)
@@ -1,5 +1,20 @@
2018-11-02 Tadeu Zagallo <[email protected]>
+ Metadata should not be copyable
+ https://bugs.webkit.org/show_bug.cgi?id=191193
+
+ Reviewed by Keith Miller.
+
+ We should only ever hold references to the entry in the metadata table.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finalizeLLIntInlineCaches):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * generator/Metadata.rb:
+
+2018-11-02 Tadeu Zagallo <[email protected]>
+
REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
https://bugs.webkit.org/show_bug.cgi?id=191175
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (237733 => 237734)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-11-02 15:41:19 UTC (rev 237733)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-11-02 15:46:57 UTC (rev 237734)
@@ -1280,7 +1280,7 @@
// Right now this isn't strictly necessary. Any symbol tables that this will refer to
// are for outer functions, and we refer to those functions strongly, and they refer
// to the symbol table strongly. But it's nice to be on the safe side.
- auto metadata = curInstruction->as<OpResolveScope>().metadata(this);
+ auto& metadata = curInstruction->as<OpResolveScope>().metadata(this);
WriteBarrierBase<SymbolTable>& symbolTable = metadata.symbolTable;
if (!symbolTable || Heap::isMarked(symbolTable.get()))
break;
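Review bot: The comment above the `auto& metadata` line explains why the mark check is "nice to be on the safe side", but not that `symbolTable` now aliases the live metadata-table entry rather than a local copy. Whatever the code after `break` does to `symbolTable` (it lies outside the hunk) now lands on the entry itself. That is presumably what a weak-reference finalizer needs, since a write to a copy would leave a possibly dead SymbolTable pointer in the table. I would add `// Bound by reference so that symbolTable aliases the table entry, not a temporary copy.` directly above the `auto&` line. The enclosing case and function start and end outside the hunk.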
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (237733 => 237734)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2018-11-02 15:41:19 UTC (rev 237733)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2018-11-02 15:46:57 UTC (rev 237734)
@@ -4710,7 +4710,7 @@
case op_to_this: {
Node* op1 = getThis();
if (op1->op() != ToThis) {
- auto metadata = currentInstruction->as<OpToThis>().metadata(codeBlock);
+ auto& metadata = currentInstruction->as<OpToThis>().metadata(codeBlock);
Structure* cachedStructure = metadata.cachedStructure.get();
if (metadata.toThisStatus != ToThisOK
|| !cachedStructure
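Review bot: With `auto& metadata` in the `op_to_this` case, `metadata.cachedStructure.get()` and `metadata.toThisStatus` are two separate loads from the live table entry instead of reads from one local copy. If parseBlock can run while the interpreter is still updating that entry (not visible from the hunk), the pair could be observed in an inconsistent state. A comment should say what keeps them consistent, e.g. `// metadata refers to the live entry in codeBlock's metadata table; read each field once into a local.`, and `toThisStatus` could be loaded into a local next to `cachedStructure`. The same applies to `metadata.getPutInfo` in the `op_get_from_scope` hunk at `@@ -6163`. Both cases continue outside their hunks.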
@@ -6163,7 +6163,7 @@
case op_get_from_scope: {
auto bytecode = currentInstruction->as<OpGetFromScope>();
- auto metadata = bytecode.metadata(codeBlock);
+ auto& metadata = bytecode.metadata(codeBlock);
unsigned identifierNumber = m_inlineStackTop->m_identifierRemap[bytecode.var];
UniquedStringImpl* uid = m_graph.identifiers()[identifierNumber];
ResolveType resolveType = metadata.getPutInfo.resolveType();
Modified: trunk/Source/_javascript_Core/generator/Metadata.rb (237733 => 237734)
--- trunk/Source/_javascript_Core/generator/Metadata.rb 2018-11-02 15:41:19 UTC (rev 237733)
+++ trunk/Source/_javascript_Core/generator/Metadata.rb 2018-11-02 15:46:57 UTC (rev 237734)
@@ -63,6 +63,9 @@
<<-EOF
struct Metadata {
+ WTF_MAKE_NONCOPYABLE(Metadata);
+
+ public:
Metadata(const #{op.capitalized_name}&#{" __op" if inits})
#{inits}
{ }
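Review bot: The generated struct gives no reason for being non-copyable, so the invariant is only discoverable through a compile error at a use site. I would emit a one-line comment above the macro inside the heredoc, `// Entries live in the metadata table; always bind them by reference (auto&).`. The explicit `public:` after `WTF_MAKE_NONCOPYABLE(Metadata);` suggests the macro leaves the access level private, which may deserve a short mention for readers of the generated header. The heredoc continues past the end of the hunk.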