Changeset 153381 in webkit for trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

Timestamp:

Jul 26, 2013, 2:12:30 PM (12 years ago)

Author:

[email protected]

Message:

REGRESSION: Crash when opening a message on Gmail
​https://bugs.webkit.org/show_bug.cgi?id=119105

Source/JavaScriptCore:

Reviewed by Oliver Hunt and Mark Hahnenberg.

• GetById patching in the DFG needs to be more disciplined about how it derives the slow path.

• Fix some dumping code thread safety issues.

• bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::dump):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

• dfg/DFGRepatch.cpp:

(JSC::DFG::getPolymorphicStructureList):
(JSC::DFG::tryBuildGetByIDList):

LayoutTests:

Reviewed by Oliver Hunt and Mark Hahnenberg.

• fast/js/dfg-get-by-id-unset-then-proto-less-warmup.html: Added.
• fast/js/dfg-get-by-id-unset-then-proto-more-warmup.html: Added.
• fast/js/dfg-get-by-id-unset-then-proto.html: Added.
• fast/js/jsc-test-list
• fast/js/script-tests/dfg-get-by-id-unset-then-proto-less-warmup.js: Added.

(foo):
(Blah):

• fast/js/script-tests/dfg-get-by-id-unset-then-proto-more-warmup.js: Added.

(foo):
(Blah):

• fast/js/script-tests/dfg-get-by-id-unset-then-proto.js: Added.

(foo):
(Blah):

File:

• trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -488 +488 @@
     if (needsFullScopeChain() && codeType() == FunctionCode)
         out.printf("; activation in r%d", activationRegister());
-    out.print("\n\nSource: ", sourceCodeOnOneLine(), "\n\n");
 
     const Instruction* begin = instructions().begin();