Title: [151045] trunk/Source/JavaScriptCore
Revision: 151045
Author: [email protected]
Date: 2013-05-31 15:08:16 -0700 (Fri, 31 May 2013)

Log Message

Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor()
<rdar://problem/13989324>

Rubber stamped by Mark Hahnenberg.
        
This has a bogus assertion that checks that the passed CodeOrigin doesn't have
an inline call frame. This was well intentioned in the sense that it is true
that inlined call frames wouldn't have an activation register. But that doesn't
mean that people won't ask. Removing the assertion fixes a debug-only crash and
has no impact on production code. This change adds a comment to that effect.

* dfg/DFGGraph.h:
(JSC::DFG::Graph::uncheckedActivationRegisterFor):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (151044 => 151045)


--- trunk/Source/_javascript_Core/ChangeLog	2013-05-31 22:01:56 UTC (rev 151044)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-05-31 22:08:16 UTC (rev 151045)
@@ -1,3 +1,19 @@
+2013-05-31  Filip Pizlo  <[email protected]>
+
+        Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor()
+        <rdar://problem/13989324>
+
+        Rubber stamped by Mark Hahnenberg.
+        
+        This has a bogus assertion that checks that the passed CodeOrigin doesn't have
+        an inline call frame. This was well intentioned in the sense that it is true
+        that inlined call frames wouldn't have an activation register. But that doesn't
+        mean that people won't ask. Removing the assertion fixes a debug-only crash and
+        has no impact on production code. This change adds a comment to that effect.
+
+        * dfg/DFGGraph.h:
+        (JSC::DFG::Graph::uncheckedActivationRegisterFor):
+
 2013-05-31  Julien Brianceau  <[email protected]>
 
         [sh4] Fix Overflow case of branchMul32 in baseline JIT.
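Review bot: The new entry's file list names only dfg/DFGGraph.h, so the debug-only crash it describes has no accompanying regression test. Since the fix removes an assertion rather than adding one, a test that asks for the activation register with a CodeOrigin that has an inline call frame would be the only thing keeping the assertion from being reintroduced later. If no reduced test case exists, the entry should say so.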

Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.h (151044 => 151045)


--- trunk/Source/_javascript_Core/dfg/DFGGraph.h	2013-05-31 22:01:56 UTC (rev 151044)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.h	2013-05-31 22:08:16 UTC (rev 151045)
@@ -410,9 +410,14 @@
             codeOrigin.inlineCallFrame->stackOffset;
     }
     
-    int uncheckedActivationRegisterFor(const CodeOrigin& codeOrigin)
+    int uncheckedActivationRegisterFor(const CodeOrigin&)
     {
-        ASSERT_UNUSED(codeOrigin, !codeOrigin.inlineCallFrame);
+        // This will ignore CodeOrigin because we don't inline code that uses activations.
+        // Hence for inlined call frames it will return the outermost code block's
+        // activation register. This method is only used to compare the result to a local
+        // to see if we're mucking with the activation register. Hence if we return the
+        // "wrong" activation register for the frame then it will compare false, which is
+        // what we wanted.
         return m_codeBlock->uncheckedActivationRegister();
     }
     
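Review bot: The new comment in uncheckedActivationRegisterFor() rests on the invariant "we don't inline code that uses activations", and after this change nothing in the function checks it. With the ASSERT_UNUSED gone and the parameter unnamed, an inlined CodeOrigin silently gets the outermost code block's activation register, which is only harmless while every caller uses the result for an equality comparison against a local, as the comment says. Consider keeping the parameter and, when codeOrigin.inlineCallFrame is set, either asserting the invariant itself (that the inlined code has no activation) or returning a value that cannot match any local, so that the "compare false" outcome holds by construction rather than by convention. At minimum, the comment should state that callers must not use the return value as a real register for inlined frames.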