Changeset 47620 in webkit for trunk/JavaScriptCore/runtime/JSActivation.cpp

Timestamp:

Aug 20, 2009, 9:21:01 PM (16 years ago)

Author:

[email protected]

Message:

REGRESSION: fast/profiler/call.html is crashing occasionally
​https://bugs.webkit.org/show_bug.cgi?id=28476

Reviewed by Gavin Barraclough.

Using the codeblock for information about how many parameters and
locals a function has is unsafe in certain circumstances. The
basic scenario is all function code being cleared in response to
the debugger or profiler being enabled, and then an activation is
marked before its associated function is re-executed.

To deal with this scenario we store the variable count of a function
directly in the FunctionExecutable, and then use that information.

File:

• trunk/JavaScriptCore/runtime/JSActivation.cpp (modified) (1 diff)

trunk/JavaScriptCore/runtime/JSActivation.cpp

@@ -58 +58 @@
         return;
 
-    size_t numParametersMinusThis = d()->functionExecutable->generatedBytecode().m_numParameters - 1;
+    size_t numParametersMinusThis = d()->functionExecutable->parameterCount();
 
     size_t count = numParametersMinusThis;
     markStack.appendValues(registerArray, count);
 
-    size_t numVars = d()->functionExecutable->generatedBytecode().m_numVars;
+    size_t numVars = d()->functionExecutable->variableCount();
 
     // Skip the call frame, which sits between the parameters and vars.