Bug 135471

Summary: CodeBlock fails to visit the Executables of its InlineCallFrames
Product: WebKit Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCoreAssignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED    
Severity: Normal CC: clopez, fpizlo, ggaren, ossy
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Mark Hahnenberg 2014-07-31 13:56:07 PDT 
This leads to crashes after these Executables are prematurely deleted and then accessed later.
Comment 1 Mark Hahnenberg 2014-07-31 13:59:19 PDT 
Created attachment 235840 [details]
Patch
Comment 2 Geoffrey Garen 2014-07-31 16:36:53 PDT 
Comment on attachment 235840 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=235840&action=review

> Source/JavaScriptCore/bytecode/CodeOrigin.h:153
>              return jsCast<JSFunction*>(calleeRecovery.constant());
>          return 0;
>      }
> +
> +    void visitAggregate(SlotVisitor& visitor)
> +    {
> +        visitor.append(&executable);
> +    }

This poor second-class class can probably be a first-class class in its own header. That way, we provide upward mobility inside our code base.
Comment 3 Geoffrey Garen 2014-08-01 13:17:48 PDT 
Comment on attachment 235840 [details]
Patch

Clearing flags on attachment: 235840

Committed r171946: <http://trac.webkit.org/changeset/171946>
Comment 4 Geoffrey Garen 2014-08-01 13:17:50 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 5 Csaba Osztrogonác 2014-08-01 14:01:09 PDT 
(In reply to comment #3)
> (From update of attachment 235840 [details])
> Clearing flags on attachment: 235840
> 
> Committed r171946: <http://trac.webkit.org/changeset/171946>

It broke the non Apple builds as the EWS noticed it. Thanks. :-/
Buildfix landed in http://trac.webkit.org/changeset/171949.