Ignore:
Timestamp:
Dec 10, 2016, 5:14:37 PM (9 years ago)
Author:
[email protected]
Message:

Unreviewed, rolling out r209653, r209654, r209663, and
r209673.
https://bugs.webkit.org/show_bug.cgi?id=165739

speedometer crashes (Requested by pizlo on #webkit).

Reverted changesets:

"JSVALUE64: Pass arguments in platform argument registers when
making JavaScript calls"
https://bugs.webkit.org/show_bug.cgi?id=160355
http://trac.webkit.org/changeset/209653

"Unreviewed build fix for 32 bit builds."
http://trac.webkit.org/changeset/209654

"Unreviewed build fix for the CLOOP after r209653"
http://trac.webkit.org/changeset/209663

"REGRESSION(r209653) Crash in CallFrameShuffler::snapshot()"
https://bugs.webkit.org/show_bug.cgi?id=165728
http://trac.webkit.org/changeset/209673

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp

    r209653 r209678  
    285285            bool isTailDeleted = false;
    286286            JSScope* scope = nullptr;
    287             JSValue thisValue = jsUndefined();
    288287            CodeBlock* codeBlock = callFrame->codeBlock();
    289             if (codeBlock && codeBlock->wasCompiledWithDebuggingOpcodes()) {
    290                 if (codeBlock->scopeRegister().isValid()) {
    291                     scope = callFrame->scope(codeBlock->scopeRegister().offset());
     288            if (codeBlock && codeBlock->wasCompiledWithDebuggingOpcodes() && codeBlock->scopeRegister().isValid()) {
     289                scope = callFrame->scope(codeBlock->scopeRegister().offset());
     290                RELEASE_ASSERT(scope->inherits(JSScope::info()));
     291            } else if (foundFrame) {
     292                scope = m_log[indexInLog].scope;
     293                if (scope)
    292294                    RELEASE_ASSERT(scope->inherits(JSScope::info()));
    293                 }
    294                 thisValue = callFrame->thisValue();
    295             } else if (foundFrame) {
    296                 if (!scope) {
    297                     scope = m_log[indexInLog].scope;
    298                     if (scope)
    299                         RELEASE_ASSERT(scope->inherits(JSScope::info()));
    300                 }
    301                 if (thisValue.isUndefined())
    302                     thisValue = m_log[indexInLog].thisValue;
    303             }
    304             toPush.append(Frame(visitor->callee(), callFrame, isTailDeleted, thisValue, scope, codeBlock, callFrame->callSiteIndex()));
     295            }
     296            toPush.append(Frame(visitor->callee(), callFrame, isTailDeleted, callFrame->thisValue(), scope, codeBlock, callFrame->callSiteIndex()));
    305297
    306298            if (indexInLog < logCursorIndex
Note: See TracChangeset for help on using the changeset viewer.