Timestamp:
Jul 21, 2009, 9:03:32 PM (16 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

2009-07-21 Zoltan Herczeg <[email protected]>

Reviewed by Gavin Barraclough.

Cache not only the structure of the method, but the
structure of its prototype as well.
https://bugs.webkit.org/show_bug.cgi?id=27077

  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::~CodeBlock):
  • bytecode/CodeBlock.h: (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
  • jit/JITPropertyAccess.cpp: (JSC::JIT::patchMethodCallProto):

LayoutTests:

2009-07-21 Zoltan Herczeg <[email protected]>

Reviewed by Gavin Barraclough, RS olliej fix to make the test pass.

Check whether a crash happens after the string
prototype is overwritten twice. The JIT'ed code
may crash if one of its already cached methods
is called again. Note: This test does not necessarily
crash on all systems, because they use different
memory allocators!
https://bugs.webkit.org/show_bug.cgi?id=27077

  • fast/js/method-check-expected.txt: Added.
  • fast/js/method-check.html: Added.
  • fast/js/resources/method-check.js: Added. (func2): (func.String.prototype.a): (func.String.prototype.b): (func):
File:
1 edited

  • trunk/JavaScriptCore/jit/JITPropertyAccess.cpp

    r46202 r46210  
    536536    structure->ref();
    537537
     538    Structure* prototypeStructure = proto->structure();
     539    ASSERT(!methodCallLinkInfo.cachedPrototypeStructure);
     540    methodCallLinkInfo.cachedPrototypeStructure = prototypeStructure;
     541    prototypeStructure->ref();
     542
    538543    repatchBuffer.repatch(methodCallLinkInfo.structureLabel, structure);
    539544    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoObj), proto);
    540     repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoStruct), proto->structure());
     545    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoStruct), prototypeStructure);
    541546    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckPutFunction), callee);
    542547}
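Review bot: The ASSERT(!methodCallLinkInfo.cachedPrototypeStructure) at new line 539 is the only guard against this call site being patched a second time, and it compiles out of release builds; if that ever happens, the previously cached prototype structure is overwritten without a deref() and its reference leaks. Either deref any existing value before the assignment or add a comment stating why a MethodCallLinkInfo can be patched at most once. The ref() at new line 541 also needs a matching deref(): the ChangeLog lists JSC::CodeBlock::~CodeBlock as changed, but that file is not shown in this view, so confirm the release there covers cachedPrototypeStructure as well as the already cached structure. A one-line comment above the new block saying that the ref keeps the Structure pointer written at patchOffsetMethodCheckProtoStruct alive for as long as the patched code can run would make the intent clear to later readers.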