Title: [106594] trunk/Source/_javascript_Core
- Revision
- 106594
- Author
- [email protected]
- Date
- 2012-02-02 14:55:12 -0800 (Thu, 02 Feb 2012)
Log Message
Throwing away bytecode and then reparsing during DFG optimization is just
plain wrong and makes things crash
https://bugs.webkit.org/show_bug.cgi?id=77680
<rdar://problem/10798490>
Reviewed by Oliver Hunt.
This is the minimal surgical fix: it removes the code that triggered bytecode
throw-away. Once we're confident that this is a good idea, we can kill all of
the code that implements the feature.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::discardBytecodeLater):
(JSC::CodeBlock::addValueProfile):
* jit/JITDriver.h:
(JSC::jitCompileIfAppropriate):
(JSC::jitCompileFunctionIfAppropriate):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (106593 => 106594)
--- trunk/Source/_javascript_Core/ChangeLog 2012-02-02 22:50:42 UTC (rev 106593)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-02-02 22:55:12 UTC (rev 106594)
@@ -1,5 +1,25 @@
2012-02-02 Filip Pizlo <[email protected]>
+ Throwing away bytecode and then reparsing during DFG optimization is just
+ plain wrong and makes things crash
+ https://bugs.webkit.org/show_bug.cgi?id=77680
+ <rdar://problem/10798490>
+
+ Reviewed by Oliver Hunt.
+
+ This is the minimal surgical fix: it removes the code that triggered bytecode
+ throw-away. Once we're confident that this is a good idea, we can kill all of
+ the code that implements the feature.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::discardBytecodeLater):
+ (JSC::CodeBlock::addValueProfile):
+ * jit/JITDriver.h:
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+
+2012-02-02 Filip Pizlo <[email protected]>
+
Release build debugging should be easier
https://bugs.webkit.org/show_bug.cgi?id=77669
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.h (106593 => 106594)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2012-02-02 22:50:42 UTC (rev 106593)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2012-02-02 22:55:12 UTC (rev 106594)
@@ -352,13 +352,6 @@
{
m_shouldDiscardBytecode = true;
}
- void handleBytecodeDiscardingOpportunity()
- {
- if (!!alternative())
- discardBytecode();
- else
- discardBytecodeLater();
- }
bool usesOpcode(OpcodeID);
@@ -518,6 +511,7 @@
ValueProfile* addValueProfile(int bytecodeOffset)
{
ASSERT(bytecodeOffset != -1);
+ ASSERT(m_valueProfiles.isEmpty() || m_valueProfiles.last().m_bytecodeOffset < bytecodeOffset);
m_valueProfiles.append(ValueProfile(bytecodeOffset));
return &m_valueProfiles.last();
}
Modified: trunk/Source/_javascript_Core/jit/JITDriver.h (106593 => 106594)
--- trunk/Source/_javascript_Core/jit/JITDriver.h 2012-02-02 22:50:42 UTC (rev 106593)
+++ trunk/Source/_javascript_Core/jit/JITDriver.h 2012-02-02 22:55:12 UTC (rev 106594)
@@ -55,10 +55,6 @@
}
jitCode = JIT::compile(&globalData, codeBlock.get());
}
-#if !ENABLE(OPCODE_SAMPLING)
- if (!BytecodeGenerator::dumpsGeneratedCode())
- codeBlock->handleBytecodeDiscardingOpportunity();
-#endif
codeBlock->setJITCode(jitCode, MacroAssemblerCodePtr());
return true;
@@ -83,10 +79,6 @@
}
jitCode = JIT::compile(&globalData, codeBlock.get(), &jitCodeWithArityCheck);
}
-#if !ENABLE(OPCODE_SAMPLING)
- if (!BytecodeGenerator::dumpsGeneratedCode())
- codeBlock->handleBytecodeDiscardingOpportunity();
-#endif
codeBlock->setJITCode(jitCode, jitCodeWithArityCheck);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
