Title: [240806] trunk/Source/JavaScriptCore
Revision: 240806
Author: ysuz...@apple.com
Date: 2019-01-31 12:15:48 -0800 (Thu, 31 Jan 2019)

Log Message

Unreviewed, follow-up after r240796

Initialize WriteBarrier<InferredValue> in the constructor. Otherwise, GC can see the broken one
when allocating InferredValue in FunctionExecutable::finishCreation.

* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::FunctionExecutable):
(JSC::FunctionExecutable::finishCreation):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (240805 => 240806)


--- trunk/Source/_javascript_Core/ChangeLog	2019-01-31 20:01:07 UTC (rev 240805)
+++ trunk/Source/_javascript_Core/ChangeLog	2019-01-31 20:15:48 UTC (rev 240806)
@@ -1,5 +1,16 @@
 2019-01-31  Yusuke Suzuki  <ysuz...@apple.com>
 
+        Unreviewed, follow-up after r240796
+
+        Initialize WriteBarrier<InferredValue> in the constructor. Otherwise, GC can see the broken one
+        when allocating InferredValue in FunctionExecutable::finishCreation.
+
+        * runtime/FunctionExecutable.cpp:
+        (JSC::FunctionExecutable::FunctionExecutable):
+        (JSC::FunctionExecutable::finishCreation):
+
+2019-01-31  Yusuke Suzuki  <ysuz...@apple.com>
+
         [JSC] Do not use InferredValue in non-JIT configuration
         https://bugs.webkit.org/show_bug.cgi?id=194084
 

Modified: trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp (240805 => 240806)


--- trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp	2019-01-31 20:01:07 UTC (rev 240805)
+++ trunk/Source/_javascript_Core/runtime/FunctionExecutable.cpp	2019-01-31 20:15:48 UTC (rev 240806)
@@ -53,6 +53,10 @@
     m_parametersStartOffset = unlinkedExecutable->parametersStartOffset();
     m_typeProfilingStartOffset = unlinkedExecutable->typeProfilingStartOffset();
     m_typeProfilingEndOffset = unlinkedExecutable->typeProfilingEndOffset();
+    if (VM::canUseJIT())
+        new (&m_singletonFunction) WriteBarrier<InferredValue>();
+    else
+        m_singletonFunctionState = ClearWatchpoint;
 }
 
 void FunctionExecutable::finishCreation(VM& vm)
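Review bot: The new `if (VM::canUseJIT())` / `else` block at the end of the constructor has no comment explaining why the initialization must happen here and not in finishCreation, so a later cleanup could easily move it back. The placement `new (&m_singletonFunction) WriteBarrier<InferredValue>()` sitting next to the assignment to `m_singletonFunctionState` suggests the two members share storage; if so, say that in a comment, together with the reason given in the ChangeLog (the `InferredValue::create(vm)` allocation in finishCreation can let the GC look at this cell before the barrier has been set). The constructor and finishCreation now each evaluate `VM::canUseJIT()` on their own, and the code is only correct if both calls give the same answer, which is worth stating in that comment as well.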
@@ -60,8 +64,6 @@
     Base::finishCreation(vm);
     if (VM::canUseJIT())
         m_singletonFunction.set(vm, this, InferredValue::create(vm));
-    else
-        m_singletonFunctionState = ClearWatchpoint;
 }
 
 void FunctionExecutable::destroy(JSCell* cell)
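Review bot: With the `else` branch removed, `m_singletonFunction.set(vm, this, InferredValue::create(vm));` depends entirely on the constructor having already put the member into a valid state, and nothing in finishCreation checks that. An assertion ahead of the `set` that the barrier is still empty in the JIT case would catch a regression at the point of use. The change also touches only ChangeLog and FunctionExecutable.cpp, so no test covers a collection that happens during this allocation; a test that forces a GC while function executables are being created would keep this ordering from breaking silently again.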