Changeset 87190 in webkit
- Timestamp: May 24, 2011 12:39:47 PM
- Location: trunk/Source/JavaScriptCore
- Files: 2 edited
trunk/Source/JavaScriptCore/ChangeLog
r87184 r87190 1 2011-05-24 Oliver Hunt <oliver@apple.com> 2 3 Reviewed by Gavin Barraclough. 4 5 Interpreter crashes with gc validation enabled due to failure to mark initial cache structure 6 https://bugs.webkit.org/show_bug.cgi?id=61385 7 8 The interpreter uses the structure slot of get_by_id and put_by_id to hold 9 the initial structure it encountered so that it can identify whether a 10 given access is stable. 11 12 When marking though we only visit the slot when we've decided to cache, and 13 so this value could die. This was "safe" as the value was only used for a 14 pointer compare, but it was incorrect. We now just mark the slot like we 15 should have been doing already. 16 17 * bytecode/CodeBlock.cpp: 18 (JSC::CodeBlock::visitStructures): 19 1 20 2011-05-24 Adam Roben <aroben@apple.com> 2 21 -
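Review bot: the ChangeLog says the stale pointer compare was "safe" but incorrect without saying what actually goes wrong, and spelling that out would help anyone reading this later. Once the Structure held in the vPC[4] slot has been collected, its address can be handed out to a newly allocated Structure, so a pointer compare against the dead value can match spuriously and the interpreter would treat an access on an unrelated structure as stable. Marking the slot in JSC::CodeBlock::visitStructures keeps the initial structure alive, which is the right fix. The sentence "When marking though we only visit the slot when we've decided to cache" would read more clearly as "When marking, though, we only visit the slot once we have decided to cache", and since the changeset touches only the ChangeLog and CodeBlock.cpp, a note on how the GC-validation crash was reproduced and verified fixed would be useful.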
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
r85523 r87190 1406 1406 Interpreter* interpreter = m_globalData->interpreter; 1407 1407 1408 if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id) && vPC[4].u.structure) { 1409 visitor.append(&vPC[4].u.structure); 1410 return; 1411 } 1412 1408 1413 if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_self) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_getter_self) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_custom_self)) { 1409 1414 visitor.append(&vPC[4].u.structure); … … 1424 1429 visitor.append(&vPC[5].u.structure); 1425 1430 visitor.append(&vPC[6].u.structureChain); 1431 return; 1432 } 1433 if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id) && vPC[4].u.structure) { 1434 visitor.append(&vPC[4].u.structure); 1426 1435 return; 1427 1436 }
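Review bot: the two new branches for op_get_by_id (line 1408) and op_put_by_id (line 1433) do the same thing but sit at opposite ends of the function; moving the op_put_by_id check up next to the op_get_by_id one would make it obvious that both uncached forms are now covered. Both new checks also guard on `vPC[4].u.structure` being non-null, while the existing cached branches (op_get_by_id_self and friends at line 1413) append the slot unconditionally; a one-line comment stating that the slot is null until the instruction has executed once would explain the asymmetry to the next reader. Otherwise appending `&vPC[4].u.structure` matches how the cached variants are already marked.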