Changeset 107338 in webkit


Timestamp:
Feb 9, 2012 6:26:04 PM (12 years ago)
Author:
oliver@apple.com
Message:

The JS Parser scope object needs a VectorTrait specialization
https://bugs.webkit.org/show_bug.cgi?id=78308

Reviewed by Gavin Barraclough.

This showed up as a periodic crash in various bits of generated code
originally, but I've added an assertion in the bytecode generator
that makes the affected code much more crash-happy should it go
wrong again.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::resolve):

  • parser/Parser.cpp:
  • parser/Parser.h:

(JSC):

  • runtime/JSActivation.h:

(JSC::JSActivation::isValidScopedLookup):
(JSActivation):

Location:
trunk/Source/JavaScriptCore
Files:
5 edited
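The failure mode behind this changeset, as an added example that is not WebKit's code: a container that, like WTF::Vector, consults a `VectorTraits` hook to decide whether new slots may be zero-filled with `memset` instead of running the element's constructor. The `VectorTraits`, `SimpleClassVectorTraits`, `Scope` and `TinyVector` below are hypothetical stand-ins with invented members (WTF's real `Vector` and the parser's real `Scope` are not reproduced); what they show is that a type whose default state is not all-zero bits gets silently wrong defaults under the memset path, and that a specialization setting `canInitializeWithMemset = false`, as the Parser.h change does, routes it back through its constructor.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Hypothetical stand-in for WTF's VectorTraits hook (names modelled on
// WTF::VectorTraits / WTF::SimpleClassVectorTraits; this is not WebKit code).
// A container consults Traits::canInitializeWithMemset to decide whether new
// slots may be zero-filled with memset instead of running T's constructor.
template <typename T>
struct VectorTraits {
    static constexpr bool canInitializeWithMemset = false;
};

struct SimpleClassVectorTraits {
    static constexpr bool canInitializeWithMemset = true;
};

// Hypothetical stand-in for the parser's Scope: its default state is not all
// zero bits, so zero-filling it yields an object the constructor never produced.
struct Scope {
    bool m_allowsNewDecl;   // constructor sets true (non-zero)
    int m_loopDepth;        // constructor sets -1   (non-zero)

    Scope() : m_allowsNewDecl(true), m_loopDepth(-1) {}
};

// The fix under discussion: opt Scope out of memset initialisation while
// keeping the rest of the simple-class traits.
template <>
struct VectorTraits<Scope> : SimpleClassVectorTraits {
    static constexpr bool canInitializeWithMemset = false; // Not all Scope data members initialize to 0.
};

// Minimal vector that fills its storage the way the traits allow.
template <typename T, typename Traits = VectorTraits<T>>
class TinyVector {
public:
    explicit TinyVector(std::size_t n)
        : m_buffer(static_cast<T*>(::operator new(sizeof(T) * n))), m_size(n)
    {
        if (Traits::canInitializeWithMemset) {
            // Bypasses T's constructor: every slot becomes all-zero bits.
            std::memset(static_cast<void*>(m_buffer), 0, sizeof(T) * n);
        } else {
            for (std::size_t i = 0; i < n; ++i)
                new (static_cast<void*>(m_buffer + i)) T();
        }
    }
    ~TinyVector()
    {
        for (std::size_t i = 0; i < m_size; ++i)
            m_buffer[i].~T();
        ::operator delete(m_buffer);
    }
    TinyVector(const TinyVector&) = delete;
    TinyVector& operator=(const TinyVector&) = delete;

    T& operator[](std::size_t i) { return m_buffer[i]; }
    std::size_t size() const { return m_size; }

private:
    T* m_buffer;
    std::size_t m_size;
};

// Before the fix: Scope treated as a plain simple class, so the vector memsets
// the slots and the -1 / true defaults are silently replaced by 0 / false.
int loopDepthWithMemsetTraits()
{
    TinyVector<Scope, SimpleClassVectorTraits> scopes(4);
    return scopes[3].m_loopDepth;        // 0, not the -1 the constructor sets
}

bool allowsNewDeclWithMemsetTraits()
{
    TinyVector<Scope, SimpleClassVectorTraits> scopes(4);
    return scopes[3].m_allowsNewDecl;    // false, not true
}

// After the fix: the specialization routes Scope through its constructor.
int loopDepthWithSpecializedTraits()
{
    TinyVector<Scope> scopes(4);
    return scopes[3].m_loopDepth;        // -1
}

bool allowsNewDeclWithSpecializedTraits()
{
    TinyVector<Scope> scopes(4);
    return scopes[3].m_allowsNewDecl;    // true
}
```

The point for a reviewer is that nothing in the memset path fails loudly: the object is well-formed memory with plausible values, so the damage only surfaces later, here as "periodic crashes in various bits of generated code". Any type handed to a container that takes this shortcut needs its traits audited whenever a member with a non-zero default is added.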

  • trunk/Source/JavaScriptCore/ChangeLog

    r107131 r107338  
     12012-02-09  Oliver Hunt  <oliver@apple.com>
     2
     3        The JS Parser scope object needs a VectorTrait specialization
     4        https://bugs.webkit.org/show_bug.cgi?id=78308
     5
     6        Reviewed by Gavin Barraclough.
     7
     8        This showed up as a periodic crash in various bits of generated code
     9        originally, but I've added an assertion in the bytecode generator
     10        that makes the effected code much more crash-happy should it go
     11        wrong again.
     12
     13        * bytecompiler/BytecodeGenerator.cpp:
     14        (JSC::BytecodeGenerator::BytecodeGenerator):
     15        (JSC::BytecodeGenerator::resolve):
     16        * parser/Parser.cpp:
     17        * parser/Parser.h:
     18        (JSC):
     19        * runtime/JSActivation.h:
     20        (JSC::JSActivation::isValidScopedLookup):
     21        (JSActivation):
     22
    1232012-02-08  Oliver Hunt  <oliver@apple.com>
    224
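Review bot: "effected code" on line 10 of the new entry should be "affected code". The entry also says Scope "needs a VectorTrait specialization" without saying why; one sentence stating that the specialization disables memset initialization because not all Scope members default to zero (the reason given in the Parser.h comment) would let a reader of the ChangeLog understand the crash without opening the diff.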
  • trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

    r106590 r107338  
    3333
    3434#include "BatchedTransitionOptimizer.h"
     35#include "JSActivation.h"
    3536#include "JSFunction.h"
    3637#include "Interpreter.h"
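Review bot: the new JSActivation.h include exists only to serve the jsDynamicCast<JSActivation*> assertion added further down, which is compiled under #if !ASSERT_DISABLED; either guard the include the same way or leave a comment that it is intentionally unconditional, so a later cleanup does not remove it and break debug builds.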
     
    414415            addVar(ident, varStack[i].second & DeclarationStacks::IsConstant);
    415416    }
    416    
     417
    417418    if (m_shouldEmitDebugHooks)
    418419        codeBlock->m_numCapturedVars = codeBlock->m_numVars;
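Review bot: this hunk only strips trailing whitespace from an otherwise empty line; unrelated whitespace cleanup is better kept out of a bug-fix patch so the diff stays focused on the behavioural change.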
     
    12081209                return ResolveResult::indexedGlobalResolve(entry.getIndex(), currentScope, flags);
    12091210            }
     1211#if !ASSERT_DISABLED
     1212            if (JSActivation* activation = jsDynamicCast<JSActivation*>(currentVariableObject))
     1213                ASSERT(activation->isValidScopedLookup(entry.getIndex()));
     1214#endif
    12101215            return ResolveResult::lexicalResolve(entry.getIndex(), depth, flags);
    12111216        }
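Review bot: the check is compiled out in release builds and is silently skipped whenever currentVariableObject is not a JSActivation (jsDynamicCast returns null), so the `lexicalResolve` on the next line is still emitted unconditionally for an out-of-range index; if that index can never legitimately exceed the captured-variable count, a short comment saying so, and that the assertion is the intended early-failure net for bug 78308, would help the next person who hits it.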
  • trunk/Source/JavaScriptCore/parser/Parser.cpp

    r106589 r107338  
    22 *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
    33 *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
    4  *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
     4 *  Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserved.
    55 *
    66 *  This library is free software; you can redistribute it and/or
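Review bot: the only change to Parser.cpp is the copyright year, and the year added is 2010 for a February 2012 patch while Parser.h gets 2010, 2011; either make the two headers consistent or drop this file from the patch, since the ChangeLog lists parser/Parser.cpp as modified but there is no functional change to describe.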
  • trunk/Source/JavaScriptCore/parser/Parser.h

    r106454 r107338  
    22 *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
    33 *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
    4  *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
     4 *  Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
    55 *
    66 *  This library is free software; you can redistribute it and/or
     
    3838#include <wtf/OwnPtr.h>
    3939#include <wtf/RefPtr.h>
     40namespace JSC {
     41struct Scope;
     42}
     43
     44namespace WTF {
     45template <> struct VectorTraits<JSC::Scope> : SimpleClassVectorTraits {
     46    static const bool canInitializeWithMemset = false; // Not all Scope data members initialize to 0.
     47};
     48}
    4049
    4150namespace JSC {
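Review bot: the specialization overrides only canInitializeWithMemset and inherits the rest of SimpleClassVectorTraits, so the memcpy-move and memcmp-compare shortcuts remain enabled for Scope; the comment should state that those have been checked for Scope (no self-referential members, no members whose bitwise comparison is wrong) or override them explicitly, since the reasoning that rules out memset applies to any other bulk-memory shortcut. Two smaller points: the forward declaration `struct Scope;` must use the same class-key as the real definition to avoid mismatch warnings, and the specialization is only effective if it precedes every instantiation of Vector<Scope>, so any Scope member of that type must be declared below this block.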
  • trunk/Source/JavaScriptCore/runtime/JSActivation.h

    r104899 r107338  
    7676        static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) { return Structure::create(globalData, globalObject, proto, TypeInfo(ActivationObjectType, StructureFlags), &s_info); }
    7777
     78        bool isValidScopedLookup(int index) { return index < m_numCapturedVars; }
     79
    7880    protected:
    7981        void finishCreation(CallFrame*);
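Review bot: `index < m_numCapturedVars` accepts a negative index, so the assertion it backs would pass for an underflowed or sentinel value; suggest `return index >= 0 && index < m_numCapturedVars;` and marking the method `const`, since it reads state only.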