Title: [147947] trunk/Source/JavaScriptCore
Revision: 147947
Author: [email protected]
Date: 2013-04-08 13:25:13 -0700 (Mon, 08 Apr 2013)
Log Message
Make resolve more robust in the face of lookup misses
https://bugs.webkit.org/show_bug.cgi?id=114211
Reviewed by Filip Pizlo.
This simply short circuits the resolve operations in the
event that we don't find a path to a property. There's no
repro case for this happening unfortunately.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (147946 => 147947)
--- trunk/Source/_javascript_Core/ChangeLog 2013-04-08 20:09:17 UTC (rev 147946)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-04-08 20:25:13 UTC (rev 147947)
@@ -1,5 +1,19 @@
2013-04-08 Oliver Hunt <[email protected]>
+ Make resolve more robust in the face of lookup misses
+ https://bugs.webkit.org/show_bug.cgi?id=114211
+
+ Reviewed by Filip Pizlo.
+
+ This simply short circuits the resolve operations in the
+ event that we don't find a path to a property. There's no
+ repro case for this happening unfortunately.
+
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
+2013-04-08 Oliver Hunt <[email protected]>
+
Build fix.
* assembler/ARMv7Assembler.h:
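Review bot: The new entry lists `(JSC::LLInt::LLINT_SLOW_PATH_DECL):` with nothing after the colon, so a ChangeLog reader cannot tell which slow paths gained the early return. Since the description says there is no repro case, please name the affected opcodes in the entry and note where the lookup miss was observed (a crash report, for instance), so the guard can be revisited and covered by a test if a reproduction turns up.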
Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (147946 => 147947)
--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2013-04-08 20:09:17 UTC (rev 147946)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2013-04-08 20:25:13 UTC (rev 147947)
@@ -790,6 +790,9 @@
ResolveOperations* operations = pc[3].u.resolveOperations;
JSValue result = JSScope::resolve(exec, ident, operations);
ASSERT(operations->size());
+ if (operations->isEmpty())
+ LLINT_RETURN_PROFILED(op_resolve, result);
+
switch (operations->data()[0].m_operation) {
case ResolveOperation::GetAndReturnGlobalProperty:
pc[0].u.opcode = LLInt::getOpcode(llint_op_resolve_global_property);
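Review bot: `ASSERT(operations->size());` is left in place directly above the new `if (operations->isEmpty())` check, so the two lines disagree about whether an empty vector is possible: a debug build still stops at the assertion in exactly the case the new branch handles, and only release builds reach the early return. If a miss is now an expected outcome, drop or relax the assertion; if it is still considered a bug, a short comment saying the check is a release-build safety net against indexing `operations->data()[0]` on an empty vector would make that intent clear. It would also help to state in a comment what `result` holds when `JSScope::resolve` finds no path, since the early return hands that value back unchanged.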
@@ -844,7 +847,13 @@
LLINT_THROW(globalData.exception);
} else
result = JSScope::resolveBase(exec, ident, false, operations, pc[5].u.putToBaseOperation);
+
ASSERT(operations->size());
+ if (operations->isEmpty()) {
+ LLINT_PROFILE_VALUE(op_resolve_base, result);
+ LLINT_RETURN(result);
+ }
+
switch (operations->data()[0].m_operation) {
case ResolveOperation::ReturnGlobalObjectAsBase:
pc[0].u.opcode = LLInt::getOpcode(llint_op_resolve_base_to_global);
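Review bot: The early return in this hunk is written as `LLINT_PROFILE_VALUE(op_resolve_base, result);` followed by `LLINT_RETURN(result);`, while the matching guard in the earlier hunk uses the single `LLINT_RETURN_PROFILED(op_resolve, result);`. If the two forms are equivalent here, using `LLINT_RETURN_PROFILED(op_resolve_base, result)` would keep both guards identical and easier to audit; if they are not, a comment explaining the difference is needed. As in the earlier hunk, `ASSERT(operations->size());` still sits immediately above the `isEmpty()` check and contradicts it in debug builds.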