Bug 135471 - CodeBlock fails to visit the Executables of its InlineCallFrames
Summary: CodeBlock fails to visit the Executables of its InlineCallFrames
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Hahnenberg
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-31 13:56 PDT by Mark Hahnenberg
Modified: 2014-08-01 14:06 PDT (History)

See Also:


Attachments
Patch (3.45 KB, patch)
2014-07-31 13:59 PDT, Mark Hahnenberg
no flags

Description Mark Hahnenberg 2014-07-31 13:56:07 PDT
This leads to crashes after these Executables are prematurely deleted and then accessed later.
Comment 1 Mark Hahnenberg 2014-07-31 13:59:19 PDT
Created attachment 235840 [details]
Patch
Comment 2 Geoffrey Garen 2014-07-31 16:36:53 PDT
Comment on attachment 235840 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=235840&action=review

> Source/JavaScriptCore/bytecode/CodeOrigin.h:153
>              return jsCast<JSFunction*>(calleeRecovery.constant());
>          return 0;
>      }
> +
> +    void visitAggregate(SlotVisitor& visitor)
> +    {
> +        visitor.append(&executable);
> +    }
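Review bot: this hunk adds InlineCallFrame::visitAggregate, but the CodeBlock side of the fix, the loop that walks each of the CodeBlock's InlineCallFrames and calls this method, is not in the visible diff, and without that caller the executables are still never marked and the premature-deletion crash from the description remains. Please confirm that call site is part of the landed change, and consider a one-line comment above `visitor.append(&executable);` stating that it keeps the inlined callee's Executable alive for as long as the inlining CodeBlock is reachable, since that GC invariant is the whole point of the change.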

This poor second-class class can probably be a first-class class in its own header. That way, we provide upward mobility inside our code base.
Comment 3 Geoffrey Garen 2014-08-01 13:17:48 PDT
Comment on attachment 235840 [details]
Patch

Clearing flags on attachment: 235840

Committed r171946: <http://trac.webkit.org/changeset/171946>
Comment 4 Geoffrey Garen 2014-08-01 13:17:50 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Csaba Osztrogonác 2014-08-01 14:01:09 PDT
(In reply to comment #3)
> (From update of attachment 235840 [details])
> Clearing flags on attachment: 235840
> 
> Committed r171946: <http://trac.webkit.org/changeset/171946>

It broke the non-Apple builds, as the EWS noticed. Thanks. :-/
Buildfix landed in http://trac.webkit.org/changeset/171949.