Timestamp:
Sep 3, 2014, 11:58:24 AM (11 years ago)
Author:
[email protected]
Message:

CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
https://bugs.webkit.org/show_bug.cgi?id=136490

Reviewed by Geoffrey Garen.

  • bytecode/CallEdgeProfile.cpp:

(JSC::CallEdgeProfile::visitWeak):

File:
1 edited

  • trunk/Source/JavaScriptCore/bytecode/CallEdgeProfile.cpp

    r173069 r173214  
    136136        m_numCallsToPrimary = list.last().count;
    137137       
    138         ASSERT(!!m_otherCallees == (list.size() >= 2));
    139138        if (m_otherCallees) {
    140139            m_otherCallees->m_processed.clear();
    141             for (unsigned i = list.size() - 1; i--;)
    142                 m_otherCallees->m_processed.append(CallEdge(list[i].key, list[i].count));
     140
     141            // We could have a situation where the GC clears the primary and then log processing
     142            // reinstates it without ever doing an addSlow and subsequent mergeBack. In such a case
     143            // the primary could duplicate an entry in otherCallees, which means that even though we
     144            // had an otherCallees object, the list size is just 1.
     145            if (list.size() >= 2) {
     146                for (unsigned i = list.size() - 1; i--;)
     147                    m_otherCallees->m_processed.append(CallEdge(list[i].key, list[i].count));
     148            }
    143149        }
    144150       
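Review bot: the new `if (list.size() >= 2)` guard is redundant with the loop it wraps; with a one-element list, `for (unsigned i = list.size() - 1; i--;)` starts `i` at 0 and the `i--` condition evaluates to 0, so the body never runs even without the guard. The effective change is therefore the removal of `ASSERT(!!m_otherCallees == (list.size() >= 2))`, which was the only check tying `m_otherCallees` to the list size. Since `list.last()` a few lines up already requires a non-empty list, consider keeping a weaker invariant, e.g. `ASSERT(list.size() >= 1)` and `ASSERT(m_otherCallees || list.size() < 2)`, so the direction of the old assertion that still holds (a second entry implies an otherCallees object) remains checked, and state in the comment that leaving `m_otherCallees->m_processed` empty after `clear()` in the duplicate-primary case is intentional.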