Changeset 267846 in webkit for trunk/Source/JavaScriptCore/jit/JITOperations.cpp

Timestamp:

Oct 1, 2020, 11:52:35 AM (5 years ago)

Author:

[email protected]

Message:

stress/put-private-name-invalid-define.js.ftl-eager is getting flaky failure
​https://bugs.webkit.org/show_bug.cgi?id=217164

Reviewed by Mark Lam.

JIT operations need to use JITOperationPrologueCallFrameTracer to configure top call frame correctly.
But putById private field JIT operations miss them or use wrong frame tracer. Since we are not setting top frame correctly,
exception object creation from this JIT operations can be broken, and leading to stress/put-private-name-invalid-define.js.ftl-eager crash.
This patch configures top call frame via JITOperationPrologueCallFrameTracer appropriately.

• jit/JITOperations.cpp:

File:

• trunk/Source/JavaScriptCore/jit/JITOperations.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/jit/JITOperations.cpp

@@ -718 +718 @@
     VM& vm = globalObject->vm();
     CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
 
     CacheableIdentifier identifier = CacheableIdentifier::createFromRawBits(rawCacheableIdentifier);
@@ -752 +753 @@
     VM& vm = globalObject->vm();
     CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
 
     CacheableIdentifier identifier = CacheableIdentifier::createFromRawBits(rawCacheableIdentifier);
@@ -765 +767 @@
     VM& vm = globalObject->vm();
     CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
-    NativeCallFrameTracer tracer(vm, callFrame);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
 
     CacheableIdentifier identifier = CacheableIdentifier::createFromRawBits(rawCacheableIdentifier);