Title: [193491] trunk/Source/_javascript_Core
- Revision
- 193491
- Author
- [email protected]
- Date
- 2015-12-04 17:04:20 -0800 (Fri, 04 Dec 2015)
Log Message
CRASH: CodeBlock::setOptimizationThresholdBasedOnCompilationResult + 567
https://bugs.webkit.org/show_bug.cgi?id=151892
Reviewed by Mark Lam.
When the debugger is in the process of attaching and it recompiles functions
for debugging, there can also be a DFG compilation running concurrently.
When we go to update the optimization threshold and find that the replacement
is also baseline code, we shouldn't update the threshold.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (193490 => 193491)
--- trunk/Source/_javascript_Core/ChangeLog 2015-12-05 01:00:29 UTC (rev 193490)
+++ trunk/Source/_javascript_Core/ChangeLog 2015-12-05 01:04:20 UTC (rev 193491)
@@ -1,3 +1,18 @@
+2015-12-04 Michael Saboff <[email protected]>
+
+ CRASH: CodeBlock::setOptimizationThresholdBasedOnCompilationResult + 567
+ https://bugs.webkit.org/show_bug.cgi?id=151892
+
+ Reviewed by Mark Lam.
+
+ When the debugger is in the process of attaching and it recompiles functions
+ for debugging, there can also be a DFG compilation running concurrently.
+ When we go to update the optimization threshold and find that the replacement
+ is also baseline code, we shouldn't update the threshold.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
+
2015-12-04 Jonathan Davis <[email protected]>
Update feature status for up-to-date status information.
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (193490 => 193491)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2015-12-05 01:00:29 UTC (rev 193490)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2015-12-05 01:04:20 UTC (rev 193491)
@@ -3705,6 +3705,12 @@
}
CodeBlock* theReplacement = replacement();
+
+ // If our replacement is baseline code, the debugger has probably attached and recompiled the function.
+ // No threshold to change.
+ if ((result == CompilationSuccessful) && (theReplacement->jitType() == JITCode::BaselineJIT))
+ return;
+
if ((result == CompilationSuccessful) != (theReplacement != this)) {
dataLog(*this, ": we have result = ", result, " but ");
if (theReplacement == this)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
