Timestamp:
Jan 8, 2013, 2:02:04 PM (13 years ago)
Author:
[email protected]
Message:

REGRESSION (r138921): Crash in JSC::Arguments::create
https://bugs.webkit.org/show_bug.cgi?id=106329
<rdar://problem/12974196>

Source/JavaScriptCore:

Reviewed by Mark Hahnenberg.

Arguments::finishCreation() that takes an InlineCallFrame* needs to understand that the callee can
be unset, indicating that the callee needs to be loaded from the true call frame. This adds a
method to InlineCallFrame to do just that.

  • bytecode/CodeOrigin.cpp:
  (JSC::InlineCallFrame::calleeForCallFrame):
  • bytecode/CodeOrigin.h:
  (InlineCallFrame):
  • runtime/Arguments.h:
  (JSC::Arguments::finishCreation):

LayoutTests:

Reviewed by Mark Hahnenberg.

  • fast/js/dfg-create-inlined-arguments-in-closure-inline-expected.txt: Added.
  • fast/js/dfg-create-inlined-arguments-in-closure-inline.html: Added.
  • fast/js/jsc-test-list:
  • fast/js/script-tests/dfg-create-inlined-arguments-in-closure-inline.js: Added.
  (foo):

File:
1 edited

  • trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h

    r139021 r139109  
    3939
    4040struct InlineCallFrame;
     41class ExecState;
    4142class ExecutableBase;
    4243class JSFunction;
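Review bot: the added `class ExecState;` forward declaration is the right choice over an include here, because the new `calleeForCallFrame(ExecState*)` declaration later in this header only uses the name as a pointer type; it also keeps the `class` forward declarations (ExecState, ExecutableBase, JSFunction) in alphabetical order.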
     
    111112    bool isClosureCall() const { return !callee; }
    112113   
     114    // Get the callee given a machine call frame to which this InlineCallFrame belongs.
     115    JSFunction* calleeForCallFrame(ExecState*) const;
     116   
    113117    String inferredName() const;
    114118    CodeBlockHash hash() const;
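Review bot: the comment on the new `calleeForCallFrame` declaration should state the contract that this change exists for: when `callee` is unset (`isClosureCall()` two lines above returns true) the method reads the callee from the supplied ExecState instead, so callers that previously dereferenced `callee` directly get a non-null result; as written the comment only says "Get the callee". The precondition "a machine call frame to which this InlineCallFrame belongs" is also worth enforcing with an assertion in the implementation, but bytecode/CodeOrigin.cpp and the updated caller in runtime/Arguments.h named in the commit message are not part of this changeset view, so that cannot be checked here.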