Changeset 47620 in webkit for trunk/JavaScriptCore/runtime/Arguments.h

Timestamp:

Aug 20, 2009, 9:21:01 PM (16 years ago)

Author:

[email protected]

Message:

REGRESSION: fast/profiler/call.html is crashing occasionally
​https://bugs.webkit.org/show_bug.cgi?id=28476

Reviewed by Gavin Barraclough.

Using the codeblock for information about how many parameters and
locals a function has is unsafe in certain circumstances. The
basic scenario is all function code being cleared in response to
the debugger or profiler being enabled, and then an activation is
marked before its associated function is re-executed.

To deal with this scenario we store the variable count of a function
directly in the FunctionExecutable, and then use that information.

File:

• trunk/JavaScriptCore/runtime/Arguments.h (modified) (1 diff)

trunk/JavaScriptCore/runtime/Arguments.h

@@ -116 +116 @@
     {
         function = callFrame->callee();
-    
-        CodeBlock* codeBlock = &function->executable()->generatedBytecode();
-        int numParameters = codeBlock->m_numParameters;
+
+        int numParameters = function->executable()->parameterCount();
         argc = callFrame->argumentCount();
 
         if (argc <= numParameters)
-            argv = callFrame->registers() - RegisterFile::CallFrameHeaderSize - numParameters + 1; // + 1 to skip "this"
+            argv = callFrame->registers() - RegisterFile::CallFrameHeaderSize - numParameters;
         else
-            argv = callFrame->registers() - RegisterFile::CallFrameHeaderSize - numParameters - argc + 1; // + 1 to skip "this"
+            argv = callFrame->registers() - RegisterFile::CallFrameHeaderSize - numParameters - argc;
 
         argc -= 1; // - 1 to skip "this"
-        firstParameterIndex = -RegisterFile::CallFrameHeaderSize - numParameters + 1; // + 1 to skip "this"
+        firstParameterIndex = -RegisterFile::CallFrameHeaderSize - numParameters;
     }