Changeset 98302 in webkit


Timestamp:
Oct 24, 2011, 5:21:29 PM (14 years ago)
Author:
oliver@apple.com
Message:

Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
https://bugs.webkit.org/show_bug.cgi?id=70689

Reviewed by Filip Pizlo.

While performing codegen we need to make the GlobalData explicitly
aware of the codeblock being compiled, as compilation may trigger GC
and CodeBlock holds GC values, but has not yet been assigned to its
owner executable.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::~BytecodeGenerator):

  • bytecompiler/BytecodeGenerator.h:
  • heap/AllocationSpace.cpp:

(JSC::AllocationSpace::allocateSlowCase):

  • heap/Heap.cpp:

(JSC::Heap::markRoots):

  • runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData):

  • runtime/JSGlobalData.h:

(JSC::JSGlobalData::startedCompiling):
(JSC::JSGlobalData::finishedCompiling):

Location:
trunk/Source/JavaScriptCore
Files:
7 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r98299 r98302  
     12011-10-24  Oliver Hunt  <oliver@apple.com>
     2
     3        Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
     4        https://bugs.webkit.org/show_bug.cgi?id=70689
     5
     6        Reviewed by Filip Pizlo.
     7
     8        While performing codegen we need to make the GlobalData explicitly
     9        aware of the codeblock being compiled, as compilation may trigger GC
     10        and CodeBlock holds GC values, but has not yet been assigned to its
     11        owner executable.
     12
     13        * bytecompiler/BytecodeGenerator.cpp:
     14        (JSC::BytecodeGenerator::BytecodeGenerator):
     15        (JSC::BytecodeGenerator::~BytecodeGenerator):
     16        * bytecompiler/BytecodeGenerator.h:
     17        * heap/AllocationSpace.cpp:
     18        (JSC::AllocationSpace::allocateSlowCase):
     19        * heap/Heap.cpp:
     20        (JSC::Heap::markRoots):
     21        * runtime/JSGlobalData.cpp:
     22        (JSC::JSGlobalData::JSGlobalData):
     23        * runtime/JSGlobalData.h:
     24        (JSC::JSGlobalData::startedCompiling):
     25        (JSC::JSGlobalData::finishedCompiling):
     26
    1272011-10-24  Filip Pizlo  <fpizlo@apple.com>
    228
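--- a/trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -220,4 +220,5 @@
     , m_expressionTooDeep(false)
 {
+    m_globalData->startedCompiling(m_codeBlock);
     if (m_shouldEmitDebugHooks)
         m_codeBlock->setNeedsFullScopeChain(true);
@@ -290,4 +291,5 @@
     , m_expressionTooDeep(false)
 {
+    m_globalData->startedCompiling(m_codeBlock);
     if (m_shouldEmitDebugHooks)
         m_codeBlock->setNeedsFullScopeChain(true);
@@ -451,4 +453,5 @@
     , m_expressionTooDeep(false)
 {
+    m_globalData->startedCompiling(m_codeBlock);
     if (m_shouldEmitDebugHooks || m_baseScopeDepth)
         m_codeBlock->setNeedsFullScopeChain(true);
@@ -471,4 +474,9 @@
     codeBlock->m_numCapturedVars = codeBlock->m_numVars;
     preserveLastVar();
+}
+
+BytecodeGenerator::~BytecodeGenerator()
+{
+    m_globalData->finishedCompiling(m_codeBlock);
 }
 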
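Review bot: The three constructors register the code block only at the top of their bodies, so whatever runs in the member-initializer lists above each hunk (outside the hunk) executes before the CodeBlock is a GC root; if any of those initializers can allocate, the window this commit closes is still open there, which is worth confirming. The same statement is now duplicated in three constructors and paired with a single destructor, so a future constructor that omits it would only be caught by the assertion in finishedCompiling, and only in debug builds. A one-line comment at each call makes the pairing explicit: `// Paired with finishedCompiling() in ~BytecodeGenerator: keeps m_codeBlock rooted if codegen triggers a GC.` Each constructor begins before its hunk.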
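--- a/trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
+++ b/trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
@@ -97,4 +97,6 @@
         BytecodeGenerator(EvalNode*, ScopeChainNode*, SymbolTable*, EvalCodeBlock*, CompilationKind);
 
+        ~BytecodeGenerator();
+       
         JSGlobalData* globalData() const { return m_globalData; }
         const CommonIdentifiers& propertyNames() const { return *m_globalData->propertyNames; }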
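Review bot: The added line 100 is whitespace-only with trailing spaces, and the same applies to the new lines 603 and 608 in heap/Heap.cpp; trimming them keeps later diffs clean. The new destructor declaration also deserves a comment, because a destructor that unregisters state from JSGlobalData is not apparent from its signature: `~BytecodeGenerator(); // Unregisters m_codeBlock from JSGlobalData (finishedCompiling).` The enclosing class starts and ends outside the hunk.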
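--- a/trunk/Source/JavaScriptCore/heap/AllocationSpace.cpp
+++ b/trunk/Source/JavaScriptCore/heap/AllocationSpace.cpp
@@ -45,5 +45,5 @@
 {
 #if COLLECT_ON_EVERY_ALLOCATION
-    collectAllGarbage();
+    m_heap->collectAllGarbage();
     ASSERT(m_heap->m_operationInProgress == NoOperation);
 #endif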
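Review bot: The corrected call `m_heap->collectAllGarbage();` is compiled only when COLLECT_ON_EVERY_ALLOCATION is defined, which suggests the previous unqualified call had gone unbuilt for some time; presumably no bot configuration exercises this flag, so the same kind of rot can recur silently. Enabling the flag in one debug configuration, or at least noting next to the `#if` that the block is not compiled by default, would catch the next break. The enclosing function allocateSlowCase starts before the hunk.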
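--- a/trunk/Source/JavaScriptCore/heap/Heap.cpp
+++ b/trunk/Source/JavaScriptCore/heap/Heap.cpp
@@ -601,5 +601,10 @@
     }
 #endif
-
+   
+    if (CodeBlock* codeBlock = m_globalData->codeBlockBeingCompiled) {
+        GCPHASE(VisitActiveCodeBlock);
+        codeBlock->visitAggregate(visitor);
+    }
+   
     {
         GCPHASE(VisitMachineRoots);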
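Review bot: The new root-marking block carries no comment explaining why a CodeBlock needs explicit rooting; the reason — it is not yet reachable from its owner executable while it is being generated — exists only in the commit message, so a reader of markRoots cannot tell what the slot's lifetime is or who clears it. Suggest placing above the `if`: `// A CodeBlock under construction is not yet reachable from its owner executable; root it explicitly until its BytecodeGenerator is destroyed.` markRoots starts and ends outside the hunk.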
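--- a/trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp
@@ -180,4 +180,5 @@
     , propertyNames(new CommonIdentifiers(this))
     , emptyList(new MarkedArgumentBuffer)
+    , codeBlockBeingCompiled(0)
 #if ENABLE(ASSEMBLER)
     , executableAllocator(*this)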
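--- a/trunk/Source/JavaScriptCore/runtime/JSGlobalData.h
+++ b/trunk/Source/JavaScriptCore/runtime/JSGlobalData.h
@@ -189,5 +189,17 @@
         NumericStrings numericStrings;
         DateInstanceCache dateInstanceCache;
-        
+        CodeBlock* codeBlockBeingCompiled;
+        void startedCompiling(CodeBlock* codeBlock)
+        {
+            ASSERT(!codeBlockBeingCompiled);
+            codeBlockBeingCompiled = codeBlock;
+        }
+
+        void finishedCompiling(CodeBlock* codeBlock)
+        {
+            ASSERT_UNUSED(codeBlock, codeBlock == codeBlockBeingCompiled);
+            codeBlockBeingCompiled = 0;
+        }
+
 #if ENABLE(ASSEMBLER)
         ExecutableAllocator executableAllocator;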
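Review bot: startedCompiling and finishedCompiling enforce the one-slot invariant only through ASSERT, which is compiled out of release builds; there, a second registration while one is live would silently overwrite the slot, and the inner finishedCompiling would then clear it, leaving the outer CodeBlock unrooted for the remainder of its compilation. Whether a BytecodeGenerator can be constructed while another is live on the same JSGlobalData cannot be determined from this page, so that should be confirmed before relying on the assertion alone. The new raw pointer is also public and undocumented as to ownership and lifetime; suggest above it `// Non-owning. Set for the lifetime of a BytecodeGenerator so Heap::markRoots can visit a CodeBlock not yet reachable from its owner executable.`, and consider making the field private with Heap as the only reader so callers must go through the two helpers. The enclosing class starts and ends outside the hunk.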