Summary: | Need to handle CodeBlock::replacement() being null. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Mark Lam <mark.lam> | ||||||
Component: | JavaScriptCore | Assignee: | Mark Lam <mark.lam> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer | ||||||
Priority: | P2 | Keywords: | InRadar | ||||||
Version: | WebKit Nightly Build | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Attachments: |
|
Description
Mark Lam
2018-07-11 17:10:12 PDT
Created attachment 344792 [details]
proposed patch.
Let's try this on the EWS. I feel that I still need to think it through a bit more before it's ready for review. But feel free to comment if you see something not right. Thanks.
Created attachment 344845 [details]
proposed patch.
Comment on attachment 344845 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=344845&action=review Weren’t you saying there was another place that needed a null check yesterday? What was the function you were seeing crash? > Source/JavaScriptCore/bytecode/CodeBlock.cpp:2427 > + bool hasReplacement = (replacement && replacement != this); No need for null check > Source/JavaScriptCore/bytecode/CodeBlock.cpp:2428 > + if ((result == CompilationSuccessful) != hasReplacement) { I don’t think your change here is doing anything since this can’t be null (In reply to Saam Barati from comment #3) > Comment on attachment 344845 [details] > proposed patch. > > View in context: > https://bugs.webkit.org/attachment.cgi?id=344845&action=review > > Weren’t you saying there was another place that needed a null check > yesterday? What was the function you were seeing crash? The other place is operationOptimize(). That case is covered by the check added in CodeBlock::hasOptimizedReplacement(). Comment on attachment 344845 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=344845&action=review >> Source/JavaScriptCore/bytecode/CodeBlock.cpp:2427 >> + bool hasReplacement = (replacement && replacement != this); > > No need for null check Why? Technically, we don't need the whole "if ((result == CompilationSuccessful) != (theReplacement != this))" check either because CodeBlock::setOptimizationThresholdBasedOnCompilationResult() is only called with result == CompilationSuccessful from JITToDFGDeferredCompilationCallback::compilationDidComplete() right after it installed the replacement. The only reason that this check is here is to catch a bug that violates the invariant that we must have a replacement if result == CompilationSuccessful, and to print a meaningful error message when that bug is detected. So, why not check for a null check as well that is also a violation of that invariant? Note: (replacement != this) only detects that we have a replacement if and only if replacement is not null. Comment on attachment 344845 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=344845&action=review >>> Source/JavaScriptCore/bytecode/CodeBlock.cpp:2427 >>> + bool hasReplacement = (replacement && replacement != this); >> >> No need for null check > > Why? Technically, we don't need the whole "if ((result == CompilationSuccessful) != (theReplacement != this))" check either because CodeBlock::setOptimizationThresholdBasedOnCompilationResult() is only called with result == CompilationSuccessful from JITToDFGDeferredCompilationCallback::compilationDidComplete() right after it installed the replacement. The only reason that this check is here is to catch a bug that violates the invariant that we must have a replacement if result == CompilationSuccessful, and to print a meaningful error message when that bug is detected. So, why not check for a null check as well that is also a violation of that invariant? > > Note: (replacement != this) only detects that we have a replacement if and only if replacement is not null. I misread this. Ignore me Thanks for the review. Landed in r233772: <http://trac.webkit.org/r233772>. |