Ignore:
Timestamp:
Jul 21, 2009, 9:03:32 PM (16 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

2009-07-21 Zoltan Herczeg <[email protected]>

Reviewed by Gavin Barraclough.

Cache not only the structure of the method, but the
structure of its prototype as well.
https://bugs.webkit.org/show_bug.cgi?id=27077

  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::~CodeBlock):
  • bytecode/CodeBlock.h: (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
  • jit/JITPropertyAccess.cpp: (JSC::JIT::patchMethodCallProto):

LayoutTests:

2009-07-21 Zoltan Herczeg <[email protected]>

Reviewed by Gavin Barraclough, RS olliej fix to make the test pass.

Check whether a crash happens after the string
prototype is overwritten twice. The JIT'ed code
may crash if one of its already cached method
called again. Note: This test is not necessary
crash on all systems, because they use different
memory allocators!
https://bugs.webkit.org/show_bug.cgi?id=27077

  • fast/js/method-check-expected.txt: Added.
  • fast/js/method-check.html: Added.
  • fast/js/resources/method-check.js: Added. (func2): (func.String.prototype.a): (func.String.prototype.b): (func):
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/bytecode/CodeBlock.h

    r45995 r46210  
    116116        MethodCallLinkInfo()
    117117            : cachedStructure(0)
     118            , cachedPrototypeStructure(0)
    118119        {
    119120        }
     
    122123        CodeLocationDataLabelPtr structureLabel;
    123124        Structure* cachedStructure;
     125        Structure* cachedPrototypeStructure;
    124126    };
    125127
Note: See TracChangeset for help on using the changeset viewer.