Diff
Modified: branches/safari-534.54-branch/Source/_javascript_Core/ChangeLog (107609 => 107610)
--- branches/safari-534.54-branch/Source/_javascript_Core/ChangeLog 2012-02-13 22:17:07 UTC (rev 107609)
+++ branches/safari-534.54-branch/Source/_javascript_Core/ChangeLog 2012-02-13 22:21:23 UTC (rev 107610)
@@ -1,3 +1,29 @@
+2011-02-13 Lucas Forschler <[email protected]>
+
+ Merge 107338
+
+ 2012-02-09 Oliver Hunt <[email protected]>
+
+ The JS Parser scope object needs a VectorTrait specialization
+ https://bugs.webkit.org/show_bug.cgi?id=78308
+
+ Reviewed by Gavin Barraclough.
+
+ This showed up as a periodic crash in various bits of generated code
+ originally, but I've added an assertion in the bytecode generator
+ that makes the effected code much more crash-happy should it go
+ wrong again.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::resolve):
+ * parser/Parser.cpp:
+ * parser/Parser.h:
+ (JSC):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::isValidScopedLookup):
+ (JSActivation):
+
2011-02-09 Lucas Forschler <[email protected]>
Merge 106596
Modified: branches/safari-534.54-branch/Source/_javascript_Core/parser/Parser.cpp (107609 => 107610)
--- branches/safari-534.54-branch/Source/_javascript_Core/parser/Parser.cpp 2012-02-13 22:17:07 UTC (rev 107609)
+++ branches/safari-534.54-branch/Source/_javascript_Core/parser/Parser.cpp 2012-02-13 22:21:23 UTC (rev 107610)
@@ -1,7 +1,7 @@
/*
* Copyright (C) 1999-2001 Harri Porten ([email protected])
* Copyright (C) 2001 Peter Kelly ([email protected])
- * Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
Modified: branches/safari-534.54-branch/Source/_javascript_Core/parser/Parser.h (107609 => 107610)
--- branches/safari-534.54-branch/Source/_javascript_Core/parser/Parser.h 2012-02-13 22:17:07 UTC (rev 107609)
+++ branches/safari-534.54-branch/Source/_javascript_Core/parser/Parser.h 2012-02-13 22:21:23 UTC (rev 107610)
@@ -1,7 +1,7 @@
/*
* Copyright (C) 1999-2001 Harri Porten ([email protected])
* Copyright (C) 2001 Peter Kelly ([email protected])
- * Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
@@ -37,7 +37,16 @@
#include <wtf/Noncopyable.h>
#include <wtf/OwnPtr.h>
#include <wtf/RefPtr.h>
+namespace JSC {
+struct Scope;
+}
+namespace WTF {
+template <> struct VectorTraits<JSC::Scope> : SimpleClassVectorTraits {
+ static const bool canInitializeWithMemset = false; // Not all Scope data members initialize to 0.
+};
+}
+
namespace JSC {
class ExecState;
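Review bot: The new `VectorTraits<JSC::Scope>` specialization only turns off `canInitializeWithMemset`; the other traits it inherits from `SimpleClassVectorTraits` (in WTF these also permit memcpy moves and memcmp comparison) stay enabled, and nothing in this hunk shows that `Scope` satisfies them, since `Scope` is only forward-declared here. If a later member of `Scope` is not safe to relocate bytewise, Vector growth would corrupt it silently, so I would record the assumption in the comment, e.g. `// Scope must remain memcpy-movable; only zero-fill initialization is unsafe because some members have non-zero defaults.` The specialization also has to be visible before the first use of a Vector of `Scope`, so a short comment explaining why it sits above the `namespace JSC` block would keep it from being moved below the definition later.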
Modified: branches/safari-534.54-branch/Source/_javascript_Core/runtime/JSActivation.h (107609 => 107610)
--- branches/safari-534.54-branch/Source/_javascript_Core/runtime/JSActivation.h 2012-02-13 22:17:07 UTC (rev 107609)
+++ branches/safari-534.54-branch/Source/_javascript_Core/runtime/JSActivation.h 2012-02-13 22:21:23 UTC (rev 107610)
@@ -75,6 +75,8 @@
static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) { return Structure::create(globalData, globalObject, proto, TypeInfo(ActivationObjectType, StructureFlags), &s_info); }
+ bool isValidScopedLookup(int index) { return index < m_numCapturedVars; }
+
protected:
void finishCreation(CallFrame*);
static const unsigned StructureFlags = IsEnvironmentRecord | OverridesGetOwnPropertySlot | OverridesVisitChildren | OverridesGetPropertyNames | JSVariableObject::StructureFlags;
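Review bot: `isValidScopedLookup` accepts every negative `index`, because the added line checks only the upper bound and `index` is a signed `int`; `m_numCapturedVars` is declared outside the hunk, so whether the comparison is signed cannot be confirmed from here. If the member is signed, `return index >= 0 && index < m_numCapturedVars;` closes the gap. The method does not modify the object and could be declared `const`. According to the ChangeLog the caller is an assertion in the bytecode generator, which is not shown on this page; if that is a debug-only ASSERT, release builds get no bounds check from this helper.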