Timestamp:
Sep 21, 2012, 4:29:30 PM (13 years ago)
Author:
[email protected]
Message:

REGRESSION (r128400): Opening Google Web Fonts page hangs or crashes
https://bugs.webkit.org/show_bug.cgi?id=97328

Reviewed by Mark Hahnenberg.

It's a bad idea to emit stub code that reallocates property storage when we're in indexed
storage mode. DFGRepatch.cpp knew this and had the appropriate check in one of the places,
but it didn't have it in all of the places.

This change also adds some more handy disassembly support, which I used to find the bug.

  • assembler/LinkBuffer.h:
    (JSC):
  • dfg/DFGRepatch.cpp:
    (JSC::DFG::generateProtoChainAccessStub):
    (JSC::DFG::tryCacheGetByID):
    (JSC::DFG::tryBuildGetByIDList):
    (JSC::DFG::emitPutReplaceStub):
    (JSC::DFG::emitPutTransitionStub):
    (JSC::DFG::tryCachePutByID):
  • jit/JITStubRoutine.h:
    (JSC):

  • trunk/Source/JavaScriptCore/jit/JITStubRoutine.h

    r122208 r129272  
    154154    (adoptRef(new JITStubRoutine(FINALIZE_CODE((patchBuffer), dataLogArguments))))
    155155
     156#define FINALIZE_CODE_FOR_DFG_STUB(patchBuffer, dataLogArguments) \
     157    (adoptRef(new JITStubRoutine(FINALIZE_DFG_CODE((patchBuffer), dataLogArguments))))
     158
    156159} // namespace JSC
    157160
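Review bot: The new FINALIZE_CODE_FOR_DFG_STUB macro is added right below FINALIZE_CODE_FOR_STUB with no comment saying when a caller should pick it over the existing macro; since the only difference visible here is FINALIZE_DFG_CODE in place of FINALIZE_CODE, a one-line comment above the new definition (e.g. "Use for stubs emitted by the DFG so they go through FINALIZE_DFG_CODE") would stop the two from being used interchangeably. Also note that FINALIZE_DFG_CODE itself is not defined in this file and this changeset view shows only JITStubRoutine.h, while the message lists assembler/LinkBuffer.h and dfg/DFGRepatch.cpp as well; anyone reviewing should confirm the LinkBuffer.h change defines FINALIZE_DFG_CODE with the same two-argument shape (patchBuffer, dataLogArguments) that this macro forwards, otherwise the new macro will fail to expand at its call sites.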