Context Navigation

JavaScriptCore

Timestamp:

Sep 3, 2014, 11:58:24 AM (11 years ago)

Author:

Message:

CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
https://bugs.webkit.org/show_bug.cgi?id=136490

Reviewed by Geoffrey Garen.

(JSC::CallEdgeProfile::visitWeak):

Location:

trunk/Source/JavaScriptCore

Files:

-              r173213
+              r173214
+-09-03  Filip Pizlo  <[email protected]>
+        CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
+        https://bugs.webkit.org/show_bug.cgi?id=136490
+        Reviewed by Geoffrey Garen.
+        * bytecode/CallEdgeProfile.cpp:
+        (JSC::CallEdgeProfile::visitWeak):
 -09-03  Filip Pizlo  <[email protected]>

-              r173069
+              r173214
         m_numCallsToPrimary = list.last().count;
-        ASSERT(!!m_otherCallees == (list.size() >= 2));
         if (m_otherCallees) {
             m_otherCallees->m_processed.clear();
+            for (unsigned i = list.size() - 1; i--;)
+                m_otherCallees->m_processed.append(CallEdge(list[i].key, list[i].count));
+            // We could have a situation where the GC clears the primary and then log processing
+            // reinstates it without ever doing an addSlow and subsequent mergeBack. In such a case
+            // the primary could duplicate an entry in otherCallees, which means that even though we
+            // had an otherCallees object, the list size is just 1.
+            if (list.size() >= 2) {
+                for (unsigned i = list.size() - 1; i--;)
+                    m_otherCallees->m_processed.append(CallEdge(list[i].key, list[i].count));
+            }
+        }

Note: See TracChangeset for help on using the changeset viewer.