Commit 118f1300 authored by oliver@apple.com

fourthTier: Segfault in jsc with simple test program when running with profile dumping enabled

https://bugs.webkit.org/show_bug.cgi?id=116082

It's crashing because CodeBlock::baselineVersion() doesn't know how to handle the case where 'this' is the
baseline version but it hasn't been assigned to the m_blahCodeBlock field in BlahExecutable. The fix is to
check if we're the baseline version in baselineVersion() and return this if so.

Reviewed by Filip Pizlo.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::baselineVersion):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153159 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent dcaa7482
2013-05-14 Mark Hahnenberg <mhahnenberg@apple.com>
fourthTier: Segfault in jsc with simple test program when running with profile dumping enabled
https://bugs.webkit.org/show_bug.cgi?id=116082
It's crashing because CodeBlock::baselineVersion() doesn't know how to handle the case where 'this' is the
baseline version but it hasn't been assigned to the m_blahCodeBlock field in BlahExecutable. The fix is to
check if we're the baseline version in baselineVersion() and return this if so.
Reviewed by Filip Pizlo.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::baselineVersion):
2013-05-11 Mark Hahnenberg <mhahnenberg@apple.com>
Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
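Review bot: The new ChangeLog entry lists only bytecode/CodeBlock.h, with no test recorded for the jsc crash under profile dumping that the title describes. Consider checking in the simple test program from the bug as a regression test and listing it in this entry, so the baselineVersion() path that crashed stays exercised.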
......
......@@ -134,9 +134,10 @@ class CodeBlock : public RefCounted<CodeBlock>, public UnconditionalFinalizer, p
#if ENABLE(JIT)
CodeBlock* baselineVersion()
{
if (JITCode::isBaselineCode(getJITType()))
return this;
CodeBlock* result = replacement();
if (!result)
return 0; // This can happen if we're in the process of creating the baseline version.
ASSERT(result);
while (result->alternative())
result = result->alternative();
ASSERT(result);
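Review bot: In baselineVersion(), the early return covers the unassigned case only once getJITType() already reports baseline code; when replacement() is null and the JIT type is not yet baseline, the function still returns 0, so every caller has to null-check the result. Please state that contract in a comment above the function, and confirm that the profile-dumping caller from the bug tolerates a null return. Separately, as rendered here ASSERT(result) sits directly after the "if (!result) return 0;" check, where it can never fire; if both lines are present in the final version, drop that assert.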
......