RESOLVED FIXED 189300
Fix DeferredSourceDump to capture the caller bytecodeIndex instead of CodeOrigin. 
https://bugs.webkit.org/show_bug.cgi?id=189300
Summary Fix DeferredSourceDump to capture the caller bytecodeIndex instead of CodeOri...
Mark Lam
Reported 2018-09-04 23:43:44 PDT
At the time a DeferredSourceDump is instantiated, it captures a CodeOrigin value, which points to a InlineCallFrame in the DFG::Plan's m_inlineCallFrames set. The DeferredSourceDump may be later used to dump the source of a failed compilation. The DFG::Plan may have been destructed by then, and since the compilation failed, the InlineCallFrame is also destructed, which means DeferredSourceDump::dump() may be accessing freed memory. DeferredSourceDump doesn't really need a CodeOrigin. All it wants is the caller bytecodeIndex for the call to an inlined function. Hence, we can fix this issue by changing DeferredSourceDump to capture the caller bytecodeIndex instead. <rdar://problem/39681779>
Attachments
proposed patch. (6.75 KB, patch)
2018-09-04 23:56 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
proposed patch. (6.84 KB, patch)
2018-09-05 00:04 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2018-09-04 23:56:14 PDT
Created attachment 348898 [details] proposed patch.
Mark Lam
Comment 2 2018-09-05 00:04:47 PDT
Created attachment 348899 [details] proposed patch.
Mark Lam
Comment 3 2018-09-05 12:54:04 PDT
Comment on attachment 348899 [details] proposed patch. Thanks for the review. Landing now.
WebKit Commit Bot
Comment 4 2018-09-05 13:21:22 PDT
Comment on attachment 348899 [details] proposed patch. Clearing flags on attachment: 348899 Committed r235684: <https://trac.webkit.org/changeset/235684>
WebKit Commit Bot
Comment 5 2018-09-05 13:21:24 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.