Timestamp:
Oct 2, 2015, 2:16:20 PM (10 years ago)
Author:
[email protected]
Message:

Unreviewed, rolling back in r190450
https://bugs.webkit.org/show_bug.cgi?id=149727

The cause of the crash was a CodeBlock, after surviving a call to
deleteAllCode by virtue of being in the remembered set, trying to mark
its inlined CodeBlocks via pointers from its inlined executables.
Since deleteAllCode clears those pointers, the CodeBlock would ASSERT.
(Any other choice to retain a CodeBlock after deleteAllCode -- for
example, conservative marking -- could trigger the same bug.)

The fix is for InlineCallFrame to point directly to its inlined CodeBlock
instead of pointing indirectly via an executable. This guarantees that
CodeBlocks are GC safe regardless of whether we've called deleteAllCode.

Restored changesets:

"CodeBlock should be a GC object"
https://bugs.webkit.org/show_bug.cgi?id=149727
http://trac.webkit.org/changeset/190450

File:
1 edited

  • trunk/Source/JavaScriptCore/bytecode/InlineCallFrame.h

    r190220 r190522  
    3030#include "CodeBlockHash.h"
    3131#include "CodeOrigin.h"
    32 #include "Executable.h"
    3332#include "ValueRecovery.h"
    3433#include "WriteBarrier.h"
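Review bot: dropping `#include "Executable.h"` while the header now stores `WriteBarrier<CodeBlock> baselineCodeBlock` and dereferences it inline (in `isStrictMode()` and in the free `baselineCodeBlockForInlineCallFrame`-style accessor further down) means this header now depends on `CodeBlock` being fully defined by one of the remaining includes; none of the includes visible here obviously provides that, so confirm the header still compiles when included first in a translation unit, or add the needed include here.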
     
    4342struct InlineCallFrame;
    4443class ExecState;
    45 class ScriptExecutable;
    4644class JSFunction;
    4745
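Review bot: the `class ScriptExecutable;` forward declaration is removed, but no `class CodeBlock;` forward declaration is added in its place even though the new member type is `WriteBarrier<CodeBlock>`; unless `CodeBlock` is already declared through `CodeBlockHash.h` or `CodeOrigin.h`, add `class CodeBlock;` next to `class ExecState;` so the member declaration does not rely on include order.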
     
    175173   
    176174    Vector<ValueRecovery> arguments; // Includes 'this'.
    177     WriteBarrier<ScriptExecutable> executable;
     175    WriteBarrier<CodeBlock> baselineCodeBlock;
    178176    ValueRecovery calleeRecovery;
    179177    CodeOrigin directCaller;
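Review bot: the new `WriteBarrier<CodeBlock> baselineCodeBlock;` member carries the whole GC-safety argument from the commit message (the inlined CodeBlock is now retained directly rather than through an executable that `deleteAllCode` may clear), but the field has no comment explaining that; add a one-line comment saying it is the baseline CodeBlock of the inlined callee and why it must be held directly, and confirm that whatever visits `InlineCallFrame` during marking now visits `baselineCodeBlock` instead of the removed `executable` field, since that visitor is not part of this hunk.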
     
    210208    CString hashAsStringIfPossible() const;
    211209   
    212     CodeBlock* baselineCodeBlock() const;
    213    
    214210    void setStackOffset(signed offset)
    215211    {
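Review bot: removing the `CodeBlock* baselineCodeBlock() const;` accessor is necessary because the data member now uses the same name, but every existing caller of `inlineCallFrame->baselineCodeBlock()` must be changed to `inlineCallFrame->baselineCodeBlock.get()`; the only such call site updated in this file is the free function at the bottom, so confirm the other users of the old accessor are covered in the rest of the roll-in.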
     
    220216    ptrdiff_t callerFrameOffset() const { return stackOffset * sizeof(Register) + CallFrame::callerFrameOffset(); }
    221217    ptrdiff_t returnPCOffset() const { return stackOffset * sizeof(Register) + CallFrame::returnPCOffset(); }
     218
     219    bool isStrictMode() const { return baselineCodeBlock->isStrictMode(); }
    222220
    223221    void dumpBriefFunctionInformation(PrintStream&) const;
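Review bot: `isStrictMode()` dereferences `baselineCodeBlock` with no check that the field has been populated; if an `InlineCallFrame` can be observed before its `baselineCodeBlock` is set, this is a null dereference rather than the assertion the crash report describes, so consider an `ASSERT(baselineCodeBlock)` here, matching the `RELEASE_ASSERT(inlineCallFrame)` used in the accessor below.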
     
    232230{
    233231    RELEASE_ASSERT(inlineCallFrame);
    234     ScriptExecutable* executable = inlineCallFrame->executable.get();
    235     RELEASE_ASSERT(executable->structure()->classInfo() == FunctionExecutable::info());
    236     return static_cast<FunctionExecutable*>(executable)->baselineCodeBlockFor(inlineCallFrame->specializationKind());
     232    return inlineCallFrame->baselineCodeBlock.get();
    237233}
    238234
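Review bot: the replacement `return inlineCallFrame->baselineCodeBlock.get();` drops the `RELEASE_ASSERT` on `classInfo()` and the `baselineCodeBlockFor(specializationKind())` lookup, so the function now returns whatever pointer is stored, including null, with no validation at all; since the stored CodeBlock is exactly what the commit message relies on surviving `deleteAllCode`, a `RELEASE_ASSERT(inlineCallFrame->baselineCodeBlock)` before the return would keep a failure here visible instead of surfacing later as a crash in the marking path this change is meant to fix.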