RESOLVED FIXED 150351
GCAwareJITStubRoutineWithExceptionHandler has a stale CodeBlock pointer in its destructor
https://bugs.webkit.org/show_bug.cgi?id=150351
Saam Barati
Reported 2015-10-19 18:33:02 PDT
The problem is that we may regenerate many GCAwareJITStubRoutineWithExceptionHandler stubs per one PolymorphicAccess. Only the last GCAwareJITStubRoutineWithExceptionHandler stub that was generated will get the CodeBlock's aboutToDie() notification. All other GCAwareJITStubRoutineWithExceptionHandler stubs will still be holding a stale CodeBlock pointer that they will use in their destructor. The solution is to have GCAwareJITStubRoutineWithExceptionHandler remove its exception handler in observeZeroRefCount() instead of its destructor. observeZeroRefCount() will run when a PolymorphicAccess replaces its m_stubRoutine.
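The lifetime ordering the report describes, as an added model that is not JavaScriptCore code: three stub regenerations against one PolymorphicAccess, a CodeBlock whose aboutToDie() reaches only the currently installed stub, and a GC that frees the zero-ref stubs afterwards. The `Heap`, the per-CodeBlock handler set, the `installedStub` field and the `removeOnZeroRef` switch are modelling assumptions, not JSC structures; the heap deliberately keeps a dead CodeBlock's storage so the stale access can be counted instead of being undefined behaviour.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <set>
#include <utility>
#include <vector>

// Added model of the lifetime bug in the report, not JavaScriptCore code.
// Names mirror the report; Heap, the handler set and the pending-deletion
// list stand in for the GC so the ordering of events can be observed.

struct CodeBlock;
struct Heap;

struct Stub {  // stands in for GCAwareJITStubRoutineWithExceptionHandler
    Stub(Heap& heap, CodeBlock* cb, unsigned idx, bool removeOnZeroRef)
        : m_heap(heap), m_codeBlock(cb), m_handlerIndex(idx), m_removeOnZeroRef(removeOnZeroRef) {}
    ~Stub() { if (!m_removeOnZeroRef) removeHandler(); }                  // original ordering
    void observeZeroRefCount() { if (m_removeOnZeroRef) removeHandler(); } // fixed ordering
    void aboutToDie() { m_codeBlock = nullptr; }                           // the CodeBlock's notification
    void removeHandler();
    Heap& m_heap;
    CodeBlock* m_codeBlock;   // raw back-pointer: this is what goes stale
    unsigned m_handlerIndex;
    bool m_removeOnZeroRef;
};

struct CodeBlock {
    std::set<unsigned> exceptionHandlers;
    Stub* installedStub = nullptr;  // the CodeBlock only knows the currently installed stub
    bool alive = true;
    void aboutToDie() {
        alive = false;
        if (installedStub) installedStub->aboutToDie();  // earlier stubs are never told
    }
};

struct Heap {
    std::vector<std::unique_ptr<CodeBlock>> codeBlocks;  // storage kept after "death" (modelling choice)
    std::vector<std::unique_ptr<Stub>> pendingDeletion;  // zero-ref stubs the GC frees later
    int staleAccesses = 0;  // a stub touched a CodeBlock that had already died
};

void Stub::removeHandler() {
    if (!m_codeBlock) return;  // already detached by aboutToDie() or an earlier removal
    if (!m_codeBlock->alive)
        ++m_heap.staleAccesses;  // in real code this is a use-after-free
    else
        m_codeBlock->exceptionHandlers.erase(m_handlerIndex);
    m_codeBlock = nullptr;
}

struct PolymorphicAccess {
    std::unique_ptr<Stub> m_stubRoutine;  // sole reference here, so replacing it drops the count to zero
    void regenerate(Heap& heap, CodeBlock* cb, unsigned handlerIndex, bool removeOnZeroRef) {
        release(heap);
        m_stubRoutine = std::make_unique<Stub>(heap, cb, handlerIndex, removeOnZeroRef);
        cb->exceptionHandlers.insert(handlerIndex);
        cb->installedStub = m_stubRoutine.get();
    }
    void release(Heap& heap) {
        if (!m_stubRoutine) return;
        m_stubRoutine->observeZeroRefCount();                        // runs while the CodeBlock is alive
        heap.pendingDeletion.push_back(std::move(m_stubRoutine));    // destroyed at the next GC, not now
    }
};

// Three regenerations against one CodeBlock, then the CodeBlock dies, then the
// GC frees the stubs. Returns {stale accesses, handlers still registered after
// the regenerations} for the chosen cleanup ordering.
std::pair<int, std::size_t> runScenario(bool removeOnZeroRef) {
    Heap heap;
    heap.codeBlocks.push_back(std::make_unique<CodeBlock>());
    CodeBlock* cb = heap.codeBlocks.back().get();
    PolymorphicAccess access;
    for (unsigned i = 0; i < 3; ++i)
        access.regenerate(heap, cb, i, removeOnZeroRef);
    std::size_t handlersAfterRegen = cb->exceptionHandlers.size();
    cb->aboutToDie();              // only the installed stub hears this
    access.release(heap);          // the PolymorphicAccess goes away with its CodeBlock
    heap.pendingDeletion.clear();  // the GC runs the stub destructors
    return {heap.staleAccesses, handlersAfterRegen};
}

int main() {
    auto buggy = runScenario(false);
    auto fixed = runScenario(true);
    std::printf("destructor ordering:         %d stale accesses, %zu handlers left after regeneration\n",
                buggy.first, buggy.second);
    std::printf("observeZeroRefCount ordering: %d stale accesses, %zu handlers left after regeneration\n",
                fixed.first, fixed.second);
    return 0;
}
```

With removal in the destructor, the two replaced stubs still hold their CodeBlock pointer when the GC finally destroys them, and their handlers stay registered until then; with removal in observeZeroRefCount(), each replaced stub detaches at the moment the PolymorphicAccess drops it, while the CodeBlock is guaranteed to be alive, and the last installed stub is covered by aboutToDie().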
Attachments
patch (3.36 KB, patch)
2015-10-19 18:38 PDT, Saam Barati
mark.lam: review+
Saam Barati
Comment 1 2015-10-19 18:38:35 PDT
Mark Lam
Comment 2 2015-10-19 19:05:06 PDT
Comment on attachment 263539 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=263539&action=review

r=me

> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:129
> +GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler()
> +{
> }

maybe get rid of the destructor now since you don't need it anymore.

> Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h:101
> ~GCAwareJITStubRoutineWithExceptionHandler() override;

No need to override if we don't need it.
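Review bot: the empty destructor body at GCAwareJITStubRoutine.cpp:129 and the `override` declaration at GCAwareJITStubRoutine.h:101 should be removed together; the `override` on that declaration shows the base destructor is already virtual, so dropping the declaration changes nothing about how the stub is destroyed and takes away the place where a later change could reintroduce a CodeBlock access that runs after aboutToDie() has only reached the currently installed stub. A short comment on observeZeroRefCount() stating why the exception-handler removal lives there (the CodeBlock may already be gone by the time the GC destroys a replaced stub, as the bug description explains) would make that intent survive future edits.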
Saam Barati
Comment 3 2015-10-20 11:39:09 PDT
Thanks for the review. I've included your suggestions in the landed patch. landed in: http://trac.webkit.org/changeset/191350