Changeset 107338 in webkit
- Timestamp: Feb 9, 2012 6:26:04 PM
- Location: trunk/Source/JavaScriptCore
- Files: 5 edited
trunk/Source/JavaScriptCore/ChangeLog
r107131 r107338 1 2012-02-09 Oliver Hunt <oliver@apple.com> 2 3 The JS Parser scope object needs a VectorTrait specialization 4 https://bugs.webkit.org/show_bug.cgi?id=78308 5 6 Reviewed by Gavin Barraclough. 7 8 This showed up as a periodic crash in various bits of generated code 9 originally, but I've added an assertion in the bytecode generator 10 that makes the effected code much more crash-happy should it go 11 wrong again. 12 13 * bytecompiler/BytecodeGenerator.cpp: 14 (JSC::BytecodeGenerator::BytecodeGenerator): 15 (JSC::BytecodeGenerator::resolve): 16 * parser/Parser.cpp: 17 * parser/Parser.h: 18 (JSC): 19 * runtime/JSActivation.h: 20 (JSC::JSActivation::isValidScopedLookup): 21 (JSActivation): 22 1 23 2012-02-08 Oliver Hunt <oliver@apple.com> 2 24 -
trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
r106590 r107338 33 33 34 34 #include "BatchedTransitionOptimizer.h" 35 #include "JSActivation.h" 35 36 #include "JSFunction.h" 36 37 #include "Interpreter.h" … … 414 415 addVar(ident, varStack[i].second & DeclarationStacks::IsConstant); 415 416 } 416 417 417 418 if (m_shouldEmitDebugHooks) 418 419 codeBlock->m_numCapturedVars = codeBlock->m_numVars; … … 1208 1209 return ResolveResult::indexedGlobalResolve(entry.getIndex(), currentScope, flags); 1209 1210 } 1211 #if !ASSERT_DISABLED 1212 if (JSActivation* activation = jsDynamicCast<JSActivation*>(currentVariableObject)) 1213 ASSERT(activation->isValidScopedLookup(entry.getIndex())); 1214 #endif 1210 1215 return ResolveResult::lexicalResolve(entry.getIndex(), depth, flags); 1211 1216 } -
trunk/Source/JavaScriptCore/parser/Parser.cpp
r106589 r107338 2 2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) 3 3 * Copyright (C) 2001 Peter Kelly (pmk@post.com) 4 * Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.4 * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserved. 5 5 * 6 6 * This library is free software; you can redistribute it and/or -
trunk/Source/JavaScriptCore/parser/Parser.h
r106454 r107338 2 2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) 3 3 * Copyright (C) 2001 Peter Kelly (pmk@post.com) 4 * Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.4 * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 5 * 6 6 * This library is free software; you can redistribute it and/or … … 38 38 #include <wtf/OwnPtr.h> 39 39 #include <wtf/RefPtr.h> 40 namespace JSC { 41 struct Scope; 42 } 43 44 namespace WTF { 45 template <> struct VectorTraits<JSC::Scope> : SimpleClassVectorTraits { 46 static const bool canInitializeWithMemset = false; // Not all Scope data members initialize to 0. 47 }; 48 } 40 49 41 50 namespace JSC { -
trunk/Source/JavaScriptCore/runtime/JSActivation.h
r104899 r107338 76 76 static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) { return Structure::create(globalData, globalObject, proto, TypeInfo(ActivationObjectType, StructureFlags), &s_info); } 77 77 78 bool isValidScopedLookup(int index) { return index < m_numCapturedVars; } 79 78 80 protected: 79 81 void finishCreation(CallFrame*);
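Review bot: In BytecodeGenerator.cpp, the new check ahead of `ResolveResult::lexicalResolve` is compiled only under `#if !ASSERT_DISABLED`, so builds with assertions disabled still emit a lexical resolve for an index that `isValidScopedLookup` would reject. The ChangeLog describes the original symptom as a periodic crash in generated code, so if an out-of-range index is reachable here, consider a check that also holds in release builds, and add a regression test, since none of the five edited files is a test. The whitespace-only change near line 416 is unrelated to the fix and could be dropped.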
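Review bot: In Parser.h, `VectorTraits<JSC::Scope>` overrides only `canInitializeWithMemset` and inherits every other trait from `SimpleClassVectorTraits`, and the comment explains the override but not why the inherited traits are safe for `Scope`. `Scope` is only forward-declared at this point, so a reader cannot check its members here. Extend the comment to name the members that rule out memset initialization and to state that the remaining inherited traits were checked against the struct. A blank line between the last `#include` and `namespace JSC {` would also match the surrounding layout.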
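Review bot: In JSActivation.h, `isValidScopedLookup(int index)` tests only `index < m_numCapturedVars`, so every negative index passes the check. If negative indices are not valid captured-variable lookups, add a lower bound such as `index >= 0 && index < m_numCapturedVars`; if they are valid, say so in a comment. The method does not modify the object and can be declared `const`.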