Title: [171946] trunk/Source/JavaScriptCore
Revision
171946
Author
[email protected]
Date
2014-08-01 13:17:25 -0700 (Fri, 01 Aug 2014)

Log Message

CodeBlock fails to visit the Executables of its InlineCallFrames
https://bugs.webkit.org/show_bug.cgi?id=135471

Patch by Mark Hahnenberg <[email protected]> on 2014-08-01
Reviewed by Geoffrey Garen.

CodeBlock needs to visit its InlineCallFrames' owner Executables. If it doesn't, they
can be prematurely collected and cause crashes.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::stronglyVisitStrongReferences):
* bytecode/CodeOrigin.h:
(JSC::InlineCallFrame::visitAggregate):
* bytecode/InlineCallFrameSet.cpp:
(JSC::InlineCallFrameSet::visitAggregate):
* bytecode/InlineCallFrameSet.h:

Modified Paths

trunk/Source/JavaScriptCore/ChangeLog
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h
trunk/Source/JavaScriptCore/bytecode/InlineCallFrameSet.cpp
trunk/Source/JavaScriptCore/bytecode/InlineCallFrameSet.h
Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (171945 => 171946)


--- trunk/Source/_javascript_Core/ChangeLog	2014-08-01 20:01:15 UTC (rev 171945)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-08-01 20:17:25 UTC (rev 171946)
@@ -1,3 +1,21 @@
+2014-08-01  Mark Hahnenberg  <[email protected]>
+
+        CodeBlock fails to visit the Executables of its InlineCallFrames
+        https://bugs.webkit.org/show_bug.cgi?id=135471
+
+        Reviewed by Geoffrey Garen.
+
+        CodeBlock needs to visit its InlineCallFrames' owner Executables. If it doesn't, they 
+        can be prematurely collected and cause crashes.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::stronglyVisitStrongReferences):
+        * bytecode/CodeOrigin.h:
+        (JSC::InlineCallFrame::visitAggregate):
+        * bytecode/InlineCallFrameSet.cpp:
+        (JSC::InlineCallFrameSet::visitAggregate):
+        * bytecode/InlineCallFrameSet.h:
+
 2014-08-01  Alex Christensen  <[email protected]>
 
         Progress towards cmake on Windows.
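Review bot: the entry lists no test and gives no "No new tests" justification; a use-after-free of an inlined callee's Executable is the kind of GC-lifetime bug a JS stress test (inline a callee into optimized code, force a collection, re-enter the optimized code) would catch and keep caught, so either add one or state why it cannot be written reliably. Also trim the trailing space after "they" on the "CodeBlock needs to visit its InlineCallFrames' owner Executables" line.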

Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (171945 => 171946)


--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2014-08-01 20:01:15 UTC (rev 171945)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2014-08-01 20:17:25 UTC (rev 171946)
@@ -2595,6 +2595,14 @@
     for (unsigned i = 0; i < m_objectAllocationProfiles.size(); ++i)
         m_objectAllocationProfiles[i].visitAggregate(visitor);
 
+#if ENABLE(DFG_JIT)
+    if (JITCode::isOptimizingJIT(jitType())) {
+        DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
+        if (dfgCommon->inlineCallFrames.get())
+            dfgCommon->inlineCallFrames->visitAggregate(visitor);
+    }
+#endif
+
     updateAllPredictions();
 }
 
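Review bot: `dfgCommon` is dereferenced on the `if (dfgCommon->inlineCallFrames.get())` line without a null check or assertion; if the `JITCode::isOptimizingJIT(jitType())` guard is what guarantees `m_jitCode->dfgCommon()` is non-null here, an `ASSERT(dfgCommon);` before the dereference documents that invariant and makes a violation fail loudly in debug builds rather than as a null dereference in release. A one-line comment stating why the InlineCallFrames must be visited from the CodeBlock (their owner Executables are otherwise reachable only through the inlined frames, so the collector would free them while the optimized code still references them) would also keep the ChangeLog rationale next to the code.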

Modified: trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h (171945 => 171946)


--- trunk/Source/_javascript_Core/bytecode/CodeOrigin.h	2014-08-01 20:01:15 UTC (rev 171945)
+++ trunk/Source/_javascript_Core/bytecode/CodeOrigin.h	2014-08-01 20:17:25 UTC (rev 171946)
@@ -182,6 +182,11 @@
             return jsCast<JSFunction*>(calleeRecovery.constant());
         return 0;
     }
+
+    void visitAggregate(SlotVisitor& visitor)
+    {
+        visitor.append(&executable);
+    }
     
     // Get the callee given a machine call frame to which this InlineCallFrame belongs.
     JSFunction* calleeForCallFrame(ExecState*) const;
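Review bot: this inline definition calls `visitor.append(&executable)` and so needs the complete `SlotVisitor` type, but the hunk adds no include to CodeOrigin.h; confirm the header already pulls in SlotVisitor's definition directly rather than relying on include order in each translation unit that includes CodeOrigin.h, otherwise add the include alongside this method.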

Modified: trunk/Source/JavaScriptCore/bytecode/InlineCallFrameSet.cpp (171945 => 171946)


--- trunk/Source/_javascript_Core/bytecode/InlineCallFrameSet.cpp	2014-08-01 20:01:15 UTC (rev 171945)
+++ trunk/Source/_javascript_Core/bytecode/InlineCallFrameSet.cpp	2014-08-01 20:17:25 UTC (rev 171946)
@@ -36,5 +36,11 @@
     return m_frames.add();
 }
 
+void InlineCallFrameSet::visitAggregate(SlotVisitor& visitor)
+{
+    for (InlineCallFrame* callFrame : m_frames)
+        callFrame->visitAggregate(visitor);
+}
+    
 } // namespace JSC
 
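Review bot: the added blank line between the closing brace of `InlineCallFrameSet::visitAggregate` and `} // namespace JSC` carries four spaces of trailing whitespace; drop it. The loop itself is fine, since each InlineCallFrame's `visitAggregate` appends its own `executable`, so iterating `m_frames` covers every inlined callee the set owns.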

Modified: trunk/Source/JavaScriptCore/bytecode/InlineCallFrameSet.h (171945 => 171946)


--- trunk/Source/_javascript_Core/bytecode/InlineCallFrameSet.h	2014-08-01 20:01:15 UTC (rev 171945)
+++ trunk/Source/_javascript_Core/bytecode/InlineCallFrameSet.h	2014-08-01 20:17:25 UTC (rev 171946)
@@ -44,6 +44,8 @@
     typedef Bag<InlineCallFrame>::iterator iterator;
     iterator begin() { return m_frames.begin(); }
     iterator end() { return m_frames.end(); }
+
+    void visitAggregate(SlotVisitor&);
     
 private:
     Bag<InlineCallFrame> m_frames;
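Review bot: `void visitAggregate(SlotVisitor&);` takes the visitor by reference, so a forward declaration `class SlotVisitor;` is all this header needs; if InlineCallFrameSet.h does not already have one (the hunk shows none being added), add it rather than leaving the name to be resolved by whatever the includer happened to include first.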
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
