Bug 151445 - JIT snippet generator JumpLists should be returned as references.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
Duplicates: 151440
Reported: 2015-11-19 09:35 PST by Mark Lam
Modified: 2015-11-20 02:38 PST
Attachments
proposed patch. (3.31 KB, patch)
2015-11-19 09:37 PST, Mark Lam
barraclough: review+

Description Mark Lam 2015-11-19 09:35:06 PST
The JumpLists were being returned by value.  As a result, new jumps added to them in the client are actually added to a temporary copy and promptly discarded.  Those jumps never get linked, resulting in infinite loops in DFG generated code that used the snippets.
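The failure mode described above, as an added C++ example that is not WebKit's code: `JumpList` here is a simplified stand-in, and `SnippetGenerator` with its accessor names is hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified stand-in for JSC's JumpList: jump ids waiting to be linked.
struct JumpList {
    std::vector<int> jumps;
    void append(int jump) { jumps.push_back(jump); }
};

// Hypothetical snippet generator; class and method names are illustrative.
class SnippetGenerator {
public:
    void generate() { m_slowPathJumps.append(1); } // jump emitted by the snippet

    // Buggy accessor: returns a copy, so callers mutate a temporary.
    JumpList slowPathJumpsByValue() { return m_slowPathJumps; }

    // Fixed accessor: returns the generator's own list.
    JumpList& slowPathJumps() { return m_slowPathJumps; }

    // Jumps that the generator would actually link to the slow path.
    std::size_t linkedJumpCount() const { return m_slowPathJumps.jumps.size(); }

private:
    JumpList m_slowPathJumps;
};

// Client appends through the by-value accessor: the new jump is lost.
std::size_t linkedAfterByValueAppend() {
    SnippetGenerator gen;
    gen.generate();
    gen.slowPathJumpsByValue().append(2); // lands in a discarded temporary
    return gen.linkedJumpCount();
}

// Same client code through the reference accessor: the jump is kept.
std::size_t linkedAfterByReferenceAppend() {
    SnippetGenerator gen;
    gen.generate();
    gen.slowPathJumps().append(2);
    return gen.linkedJumpCount();
}

int main() {
    std::printf("by value: %zu linked\n", linkedAfterByValueAppend());
    std::printf("by reference: %zu linked\n", linkedAfterByReferenceAppend());
    return 0;
}
```

The by-value call compiles without a diagnostic because calling a non-const member function on a temporary is legal C++, which is why this class of bug survives until the generated code misbehaves.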
Comment 1 Mark Lam 2015-11-19 09:37:47 PST
Created attachment 265866
proposed patch.
Comment 2 Csaba Osztrogonác 2015-11-19 09:54:17 PST
I started tests with this patch applied on the ARMv7 Thumb2 bot:
https://build.webkit.org/builders/EFL%20Linux%20ARMv7%20Thumb2%20Release/builds/16224

It will finish testing in 40-45 minutes, let's see the results.
Comment 3 Mark Lam 2015-11-19 10:01:07 PST
Thanks for the review.  Landed in r192632: <http://trac.webkit.org/r192632>.
Comment 4 Csaba Osztrogonác 2015-11-20 02:38:57 PST
*** Bug 151440 has been marked as a duplicate of this bug. ***