Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 2f9b3951c5651e58a6296fcbff19c0c931951739
https://github.com/WebKit/WebKit/commit/2f9b3951c5651e58a6296fcbff19c0c931951739
  Author: Yusuke Suzuki <[email protected]>
  Date:   2026-03-02 (Mon, 02 Mar 2026)

  Changed paths:
    M Source/JavaScriptCore/runtime/StackFrame.h
    M Source/WebCore/bindings/js/WebCoreJSClientData.cpp

  Log Message:
  -----------
  [JSC] Async stack trace can have nullptr CodeBlock*
https://bugs.webkit.org/show_bug.cgi?id=308997
rdar://171401201

Reviewed by Yijia Huang and Sosuke Suzuki.

The async stack trace can have a nullptr CodeBlock*, but
WebCore::JSVMClientData::overrideSourceURL is strongly assuming that
CodeBlock* is not nullptr. Since the only use of that is obtaining
JSGlobalObject*, let's have a JSCell* callee and get JSGlobalObject* from it if
CodeBlock* is nullptr.

The reason why CodeBlock becomes nullptr is that we can jettison a
CodeBlock* when it is not being executed right now: if it can be found on the
stack, we keep it, but otherwise we may discard it to reduce memory when
it has not been executed recently. And the async stack trace is not actually
putting the CodeBlock* on the stack, so it can be discarded. This is
expected and totally fine since (1) an async function will not be returned to
via `ret`. It is resumed with a call, thus we do not need to keep it, and
(2) CodeBlock* generation is idempotent, so we discard it when it
has not been executed recently and we would like to reduce memory size.

* Source/JavaScriptCore/runtime/StackFrame.h:
(JSC::StackFrame::callee const):
* Source/WebCore/bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::overrideSourceURL const):

Canonical link: https://commits.webkit.org/308486@main