Changeset 47627 in webkit for trunk/JavaScriptCore/interpreter/Interpreter.cpp

Timestamp:

Aug 21, 2009, 12:48:59 AM (16 years ago)

Author:

[email protected]

Message:

Browser hangs on opening Web Inspector.
​https://bugs.webkit.org/show_bug.cgi?id=28438

Reviewed by Maciej Stachowiak.

Code generation needs to be able to walk the entire scopechain in some
cases, however the symbol table used by activations was a member of the
codeblock. Following recompilation this may no longer exist, leading
to a crash or hang on lookup.

We fix this by introducing a refcounted SymbolTable subclass, SharedSymbolTable,
for the CodeBlocks used by function code. This allows activations to
maintain ownership of a copy of the symbol table even after recompilation so
they can continue to work.

File:

• trunk/JavaScriptCore/interpreter/Interpreter.cpp (modified) (1 diff)

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -3843 +3843 @@
     if (codeBlock->usesArguments()) {
         ASSERT(codeBlock->codeType() == FunctionCode);
-        SymbolTable& symbolTable = codeBlock->symbolTable();
+        SymbolTable& symbolTable = *codeBlock->symbolTable();
         int argumentsIndex = symbolTable.get(functionCallFrame->propertyNames().arguments.ustring().rep()).getIndex();
         if (!functionCallFrame->r(argumentsIndex).jsValue()) {