[webkit-changes] [115657] trunk/Source/JavaScriptCore

Mon, 30 Apr 2012 12:20:04 -0700

Title: [115657] trunk/Source/_javascript_Core
Revision
115657
Author
[email protected]
Date
2012-04-30 12:20:04 -0700 (Mon, 30 Apr 2012)

Log Message

End of Interpreter::tryCacheGetByID can trigger the garbage collector
https://bugs.webkit.org/show_bug.cgi?id=84927

Patch by Myles Maxfield <[email protected]> on 2012-04-30
Reviewed by Oliver Hunt.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::tryCacheGetByID):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (115656 => 115657)


--- trunk/Source/_javascript_Core/ChangeLog	2012-04-30 19:12:12 UTC (rev 115656)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-04-30 19:20:04 UTC (rev 115657)
@@ -1,3 +1,13 @@
+2012-04-30  Myles Maxfield  <[email protected]>
+
+        End of Interpreter::tryCacheGetByID can trigger the garbage collector
+        https://bugs.webkit.org/show_bug.cgi?id=84927
+
+        Reviewed by Oliver Hunt.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCacheGetByID):
+
 2012-04-30  Benjamin Poulain  <[email protected]>
 
         jsSingleCharacterString and jsSingleCharacterSubstring are not inlined

Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (115656 => 115657)


--- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2012-04-30 19:12:12 UTC (rev 115656)
+++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp	2012-04-30 19:20:04 UTC (rev 115657)
@@ -1865,6 +1865,7 @@
     }
 
     
+    StructureChain* prototypeChain = structure->prototypeChain(callFrame);
     switch (slot.cachedPropertyType()) {
     case PropertySlot::Getter:
         vPC[0] = getOpcode(op_get_by_id_getter_chain);
@@ -1880,7 +1881,7 @@
         break;
     }
     vPC[4].u.structure.set(callFrame->globalData(), codeBlock->ownerExecutable(), structure);
-    vPC[5].u.structureChain.set(callFrame->globalData(), codeBlock->ownerExecutable(), structure->prototypeChain(callFrame));
+    vPC[5].u.structureChain.set(callFrame->globalData(), codeBlock->ownerExecutable(), prototypeChain);
     vPC[6] = count;
 }
 

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to