Timestamp:
Oct 20, 2015, 11:37:38 AM (10 years ago)
Author:
[email protected]
Message:

GCAwareJITStubRoutineWithExceptionHandler has a stale CodeBlock pointer in its destructor
https://bugs.webkit.org/show_bug.cgi?id=150351

Reviewed by Mark Lam.

We may regenerate many GCAwareJITStubRoutineWithExceptionHandler stubs per one PolymorphicAccess.
Only the last GCAwareJITStubRoutineWithExceptionHandler stub that was generated will get the CodeBlock's aboutToDie()
notification. All other GCAwareJITStubRoutineWithExceptionHandler stubs will still be holding a stale CodeBlock pointer
that they will use in their destructor. The solution is to have GCAwareJITStubRoutineWithExceptionHandler remove its
exception handler in observeZeroRefCount() instead of its destructor. observeZeroRefCount() will run when a PolymorphicAccess
replaces its m_stubRoutine.

  • jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutineWithExceptionHandler::aboutToDie):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
(JSC::createJITStubRoutine):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler): Deleted.

  • jit/GCAwareJITStubRoutine.h:
File:
1 edited

  • trunk/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp

    r191016 r191350  
    114114}
    115115
    116 GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler()
     116void GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount()
    117117{
    118118    if (m_codeBlockWithExceptionHandler) {
    119119        m_codeBlockWithExceptionHandler->jitCode()->dfgCommon()->removeCallSiteIndex(m_exceptionHandlerCallSiteIndex);
    120120        m_codeBlockWithExceptionHandler->removeExceptionHandlerForCallSite(m_exceptionHandlerCallSiteIndex);
     121        m_codeBlockWithExceptionHandler = nullptr;
    121122    }
     123
     124    Base::observeZeroRefCount();
    122125}
    123    
     126
    124127
    125128PassRefPtr<JITStubRoutine> createJITStubRoutine(
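Review bot: this hunk moves the handler removal into observeZeroRefCount() but leaves the behaviour for a stub whose CodeBlock has already died depending on code not visible here: the ChangeLog lists aboutToDie() as changed, so confirm it still clears m_codeBlockWithExceptionHandler, otherwise the `if (m_codeBlockWithExceptionHandler)` guard will pass and `removeCallSiteIndex(...)` / `removeExceptionHandlerForCallSite(...)` will be called on a dead CodeBlock when the ref count later drops to zero. The new `m_codeBlockWithExceptionHandler = nullptr;` after the two removals is the right choice, as it makes the method safe to reach twice (once from the PolymorphicAccess replacing its m_stubRoutine, once from any later teardown), and the call to `Base::observeZeroRefCount()` preserves the base class's own zero-refcount handling; since that call is dispatched through the base, the declaration in jit/GCAwareJITStubRoutine.h (edited in this changeset but not shown) should carry `override` so a signature mismatch is a compile error rather than a silently never-invoked method. The remaining diff at the old line 123 is trailing-whitespace-only and could be left out to keep the change minimal.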