Title: [171977] branches/safari-600.1.4-branch/Source/_javascript_Core
- Revision
- 171977
- Author
- [email protected]
- Date
- 2014-08-03 00:40:51 -0700 (Sun, 03 Aug 2014)
Log Message
Merged r171946. <rdar://problem/17888408>
Modified Paths
Diff
Modified: branches/safari-600.1.4-branch/Source/_javascript_Core/ChangeLog (171976 => 171977)
--- branches/safari-600.1.4-branch/Source/_javascript_Core/ChangeLog 2014-08-03 07:37:11 UTC (rev 171976)
+++ branches/safari-600.1.4-branch/Source/_javascript_Core/ChangeLog 2014-08-03 07:40:51 UTC (rev 171977)
@@ -1,3 +1,25 @@
+2014-08-03 Babak Shafiei <[email protected]>
+
+ Merge r171946.
+
+ 2014-08-01 Mark Hahnenberg <[email protected]>
+
+ CodeBlock fails to visit the Executables of its InlineCallFrames
+ https://bugs.webkit.org/show_bug.cgi?id=135471
+
+ Reviewed by Geoffrey Garen.
+
+ CodeBlock needs to visit its InlineCallFrames' owner Executables. If it doesn't, they
+ can be prematurely collected and cause crashes.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ * bytecode/CodeOrigin.h:
+ (JSC::InlineCallFrame::visitAggregate):
+ * bytecode/InlineCallFrameSet.cpp:
+ (JSC::InlineCallFrameSet::visitAggregate):
+ * bytecode/InlineCallFrameSet.h:
+
2014-07-29 Matthew Hanson <[email protected]>
Merge r171689. <rdar://problem/17844890>
Modified: branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/CodeBlock.cpp (171976 => 171977)
--- branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-08-03 07:37:11 UTC (rev 171976)
+++ branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-08-03 07:40:51 UTC (rev 171977)
@@ -2398,6 +2398,14 @@
for (unsigned i = 0; i < m_objectAllocationProfiles.size(); ++i)
m_objectAllocationProfiles[i].visitAggregate(visitor);
+#if ENABLE(DFG_JIT)
+ if (JITCode::isOptimizingJIT(jitType())) {
+ DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
+ if (dfgCommon->inlineCallFrames.get())
+ dfgCommon->inlineCallFrames->visitAggregate(visitor);
+ }
+#endif
+
updateAllPredictions();
}
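Review bot: The added `#if ENABLE(DFG_JIT)` block carries no comment explaining why the inline call frames have to be marked on this path, yet the ChangeLog gives a memory-safety reason: without the visit, the owner Executables can be collected prematurely and cause crashes. I would put the reason above the `if`, for example `// Inlined frames reference their owner Executables; mark them so the GC cannot collect them while this optimized code is live.` No regression test is visible in this diff, which covers only the JavaScriptCore sources. If none landed with r171946, a test that forces a collection while an optimized CodeBlock with inlined calls is still live would keep this from regressing. The enclosing function, named in the ChangeLog as `CodeBlock::stronglyVisitStrongReferences`, starts outside the hunk.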
Modified: branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/CodeOrigin.h (171976 => 171977)
--- branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/CodeOrigin.h 2014-08-03 07:37:11 UTC (rev 171976)
+++ branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/CodeOrigin.h 2014-08-03 07:40:51 UTC (rev 171977)
@@ -146,6 +146,11 @@
return jsCast<JSFunction*>(calleeRecovery.constant());
return 0;
}
+
+ void visitAggregate(SlotVisitor& visitor)
+ {
+ visitor.append(&executable);
+ }
// Get the callee given a machine call frame to which this InlineCallFrame belongs.
JSFunction* calleeForCallFrame(ExecState*) const;
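Review bot: The new `InlineCallFrame::visitAggregate` appends only `executable`, and nothing documents whether that is the complete set of GC references the frame holds. The context lines directly above cast `calleeRecovery.constant()` to a `JSFunction*`, so a frame can also name a callee cell. That constant is presumably kept alive through another path, but this hunk does not show it, so it is worth confirming. I would add a comment on the method along the lines of `// Reports the GC references this frame owns; any new cell-holding field must be appended here or it can be collected while inlined code still uses it.` The struct body begins and continues outside the hunk.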
Modified: branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/InlineCallFrameSet.cpp (171976 => 171977)
--- branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/InlineCallFrameSet.cpp 2014-08-03 07:37:11 UTC (rev 171976)
+++ branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/InlineCallFrameSet.cpp 2014-08-03 07:40:51 UTC (rev 171977)
@@ -36,5 +36,11 @@
return m_frames.add();
}
+void InlineCallFrameSet::visitAggregate(SlotVisitor& visitor)
+{
+ for (InlineCallFrame* callFrame : m_frames)
+ callFrame->visitAggregate(visitor);
+}
+
} // namespace JSC
Modified: branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/InlineCallFrameSet.h (171976 => 171977)
--- branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/InlineCallFrameSet.h 2014-08-03 07:37:11 UTC (rev 171976)
+++ branches/safari-600.1.4-branch/Source/_javascript_Core/bytecode/InlineCallFrameSet.h 2014-08-03 07:40:51 UTC (rev 171977)
@@ -44,6 +44,8 @@
typedef Bag<InlineCallFrame>::iterator iterator;
iterator begin() { return m_frames.begin(); }
iterator end() { return m_frames.end(); }
+
+ void visitAggregate(SlotVisitor&);
private:
Bag<InlineCallFrame> m_frames;