Title: [199617] trunk/Source/JavaScriptCore
Revision: 199617
Author: [email protected]
Date: 2016-04-15 18:26:10 -0700 (Fri, 15 Apr 2016)
Log Message

Some JIT/DFG operations need NativeCallFrameTracers
https://bugs.webkit.org/show_bug.cgi?id=156650

Reviewed by Michael Saboff.

Some of our operation functions did not have native call frame
tracers. This meant that we would crash occasionally on some
of our tests when they triggered a GC in one of the functions
without a tracer. In particular, this was exemplified by another
upcoming patch when calling operationSetFunctionName.

This patch does not add tests since this happens consistently in
the patch adding delete_by_id to the DFG.

* dfg/DFGOperations.cpp:
* jit/JITOperations.cpp:
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (199616 => 199617)
--- trunk/Source/_javascript_Core/ChangeLog 2016-04-16 01:02:59 UTC (rev 199616)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-04-16 01:26:10 UTC (rev 199617)
@@ -1,3 +1,22 @@
+2016-04-15 Keith Miller <[email protected]>
+
+ Some JIT/DFG operations need NativeCallFrameTracers
+ https://bugs.webkit.org/show_bug.cgi?id=156650
+
+ Reviewed by Michael Saboff.
+
+ Some of our operation functions did not have native call frame
+ tracers. This meant that we would crash occasionally on some
+ of our tests when they triggered a GC in one of the functions
+ without a tracer. In particular, this was exemplified by another
+ upcoming patch when calling operationSetFunctionName.
+
+ This patch does not add tests since this happens consistently in
+ the patch adding delete_by_id to the DFG.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITOperations.cpp:
+
2016-04-15 Joseph Pecoraro <[email protected]>
Web Inspector: sourceMappingURL not used when sourceURL is set
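Review bot: The file entries at the end of the new ChangeLog block (`* dfg/DFGOperations.cpp:` and `* jit/JITOperations.cpp:`) are left empty, so the log does not say which operations gained a tracer. Listing operationCopyRest and operationFindSwitchImmTargetForDouble under the first and operationSetFunctionName under the second would let someone auditing for GC-related crashes find the affected entry points from the log alone.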
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (199616 => 199617)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-04-16 01:02:59 UTC (rev 199616)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2016-04-16 01:26:10 UTC (rev 199617)
@@ -1036,6 +1036,9 @@
void JIT_OPERATION operationCopyRest(ExecState* exec, JSCell* arrayAsCell, Register* argumentStart, unsigned numberOfParamsToSkip, unsigned arraySize)
{
+ VM* vm = &exec->vm();
+ NativeCallFrameTracer tracer(vm, exec);
+
ASSERT(arraySize);
JSArray* array = jsCast<JSArray*>(arrayAsCell);
ASSERT(arraySize == array->length());
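Review bot: Style point on the two added lines at the top of operationCopyRest: this hunk takes the VM as a pointer (`VM* vm = &exec->vm();`) while the next hunk in the same file takes it as a reference (`VM& vm = exec->vm();`) and passes `&vm`. In the lines shown, `vm` is used only to construct the tracer, so either form works; using the same one in both places would make the tracer setup read identically across the file and easier to grep for when checking which operations have one.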
@@ -1309,6 +1312,9 @@
char* JIT_OPERATION operationFindSwitchImmTargetForDouble(
ExecState* exec, EncodedJSValue encodedValue, size_t tableIndex)
{
+ VM& vm = exec->vm();
+ NativeCallFrameTracer tracer(&vm, exec);
+
CodeBlock* codeBlock = exec->codeBlock();
SimpleJumpTable& table = codeBlock->switchJumpTable(tableIndex);
JSValue value = JSValue::decode(encodedValue);
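Review bot: Missing rationale for the tracer added at the top of operationFindSwitchImmTargetForDouble: the lines shown only fetch the code block, look up the switch jump table and decode the value, and the log message names only operationSetFunctionName as a case seen crashing. A short note in the ChangeLog entry saying which call in this function can reach a GC, or that the tracer is added for consistency with the other operations, would tell a later reader whether it is safe to remove.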
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (199616 => 199617)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2016-04-16 01:02:59 UTC (rev 199616)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2016-04-16 01:26:10 UTC (rev 199617)
@@ -1115,6 +1115,9 @@
void JIT_OPERATION operationSetFunctionName(ExecState* exec, JSCell* funcCell, EncodedJSValue encodedName)
{
+ VM* vm = &exec->vm();
+ NativeCallFrameTracer tracer(vm, exec);
+
JSFunction* func = jsCast<JSFunction*>(funcCell);
JSValue name = JSValue::decode(encodedName);
func->setFunctionName(exec, name);
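Review bot: No regression test accompanies the tracer added at the top of operationSetFunctionName, and the log message defers coverage to the separate delete_by_id patch. Since this is the function the log names as the crashing case when a GC fires without a tracer, a small stress test that forces collection while function names are being set would make this fix verifiable on its own and keep it covered if the other patch changes or lands late.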