Changeset 230486 in webkit
Timestamp: Apr 10, 2018 11:04:07 AM
Author: fpizlo@apple.com
Message:

ExecutableToCodeBlockEdge::visitChildren() should be cool with m_codeBlock being null since we clear it in finalizeUnconditionally()
https://bugs.webkit.org/show_bug.cgi?id=184460
<rdar://problem/37610966>

Reviewed by Mark Lam.

  • bytecode/ExecutableToCodeBlockEdge.cpp:
    (JSC::ExecutableToCodeBlockEdge::visitChildren):

Location: trunk/Source/JavaScriptCore
Files: 2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r230485 r230486  
     12018-04-10  Filip Pizlo  <fpizlo@apple.com>
     2
     3        ExecutableToCodeBlockEdge::visitChildren() should be cool with m_codeBlock being null since we clear it in finalizeUnconditionally()
     4        https://bugs.webkit.org/show_bug.cgi?id=184460
     5        <rdar://problem/37610966>
     6
     7        Reviewed by Mark Lam.
     8
     9        * bytecode/ExecutableToCodeBlockEdge.cpp:
     10        (JSC::ExecutableToCodeBlockEdge::visitChildren):
     11
    1122018-04-10  Filip Pizlo  <fpizlo@apple.com>
    213
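Review bot: the ChangeLog entry repeats the bug title verbatim and says nothing about the change itself; a reader of the log later would want one line stating that visitChildren() now returns early when m_codeBlock has already been cleared by finalizeUnconditionally(), and what went wrong before that guard, so the entry stands on its own without following the bug link.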
  • trunk/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.cpp

    r226783 r230486  
    5050    ExecutableToCodeBlockEdge* edge = jsCast<ExecutableToCodeBlockEdge*>(cell);
    5151    CodeBlock* codeBlock = edge->m_codeBlock.get();
     52   
     53    // It's possible for someone to hold a pointer to the edge after the edge has cleared its weak
     54    // reference to the codeBlock. In a conservative GC like ours, that could happen at random for
     55    // no good reason and it's Totally OK (TM). See finalizeUnconditionally() for where we clear
     56    // m_codeBlock.
     57    if (!codeBlock)
     58        return;
    5259   
    5360    if (!edge->m_isActive) {
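Review bot: the early return added at new lines 57-58 sits above `if (!edge->m_isActive) {`, so once m_codeBlock has been cleared the entire inactive-edge branch (its body is not visible in this hunk) is skipped along with whatever follows; confirm that branch does nothing that must still run for an edge whose weak reference is gone, or otherwise narrow the guard to the statements that actually dereference codeBlock. The new comment explains why codeBlock can be null here but not what went wrong when it was, and the ChangeLog does not say either; one clause on the failure mode would make the purpose of the guard self-evident to the next reader.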