Title: [203286] trunk/Source/JavaScriptCore
- Revision: 203286
- Author: [email protected]
- Date: 2016-07-15 11:31:29 -0700 (Fri, 15 Jul 2016)
Log Message
Stack overflow error for deeply nested classes.
https://bugs.webkit.org/show_bug.cgi?id=157086
Reviewed by Geoffrey Garen.
Changed the StructureStubClearingWatchpoint destructor to iteratively destruct
its chain of next StructureStubClearingWatchpoints instead of recursively doing
so.
The added deep-StructureStubClearingWatchpoint-destructor-recursion.js test
produces a crash before the fix is applied, but takes about 14 minutes to run.
Hence, it is skipped.
* bytecode/StructureStubClearingWatchpoint.cpp:
(JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
* tests/stress/deep-StructureStubClearingWatchpoint-destructor-recursion.js: Added.
Diff
Modified: trunk/Source/JavaScriptCore/ChangeLog (203285 => 203286)
--- trunk/Source/_javascript_Core/ChangeLog 2016-07-15 18:24:47 UTC (rev 203285)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-07-15 18:31:29 UTC (rev 203286)
@@ -1,3 +1,22 @@
+2016-07-15 Mark Lam <[email protected]>
+
+ Stack overflow error for deeply nested classes.
+ https://bugs.webkit.org/show_bug.cgi?id=157086
+
+ Reviewed by Geoffrey Garen.
+
+ Changed the StructureStubClearingWatchpoint destructor to iteratively destruct
+ its chain of next StructureStubClearingWatchpoints instead of recursively doing
+ so.
+
+ The added deep-StructureStubClearingWatchpoint-destructor-recursion.js test
+ produces a crash before the fix is applied, but takes about 14 minutes to run.
+ Hence, it is skipped.
+
+ * bytecode/StructureStubClearingWatchpoint.cpp:
+ (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
+ * tests/stress/deep-StructureStubClearingWatchpoint-destructor-recursion.js: Added.
+
2016-07-15 Csaba Osztrogonác <[email protected]>
Fix expectations in test262.yaml
Modified: trunk/Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp (203285 => 203286)
--- trunk/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.cpp 2016-07-15 18:24:47 UTC (rev 203285)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubClearingWatchpoint.cpp 2016-07-15 18:31:29 UTC (rev 203286)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2012, 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -34,7 +34,10 @@
namespace JSC {
-StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint() { }
+StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint()
+{
+ for (auto current = WTFMove(m_next); current; current = WTFMove(current->m_next)) { }
+}
StructureStubClearingWatchpoint* StructureStubClearingWatchpoint::push(
const ObjectPropertyCondition& key,
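Review bot: The empty-bodied for loop in the new destructor does all of its work through the WTFMove calls in the loop header, which is easy to misread as a no-op or to "simplify" away later. A short comment saying that each node's m_next is moved out before that node is destroyed, so destruction never recurses down the chain, would protect the fix; a while loop with the move in its body would make the same thing explicit.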
Added: trunk/Source/JavaScriptCore/tests/stress/deep-StructureStubClearingWatchpoint-destructor-recursion.js (0 => 203286)
--- trunk/Source/_javascript_Core/tests/stress/deep-StructureStubClearingWatchpoint-destructor-recursion.js (rev 0)
+++ trunk/Source/_javascript_Core/tests/stress/deep-StructureStubClearingWatchpoint-destructor-recursion.js 2016-07-15 18:31:29 UTC (rev 203286)
@@ -0,0 +1,8 @@
+//@ skip
+// This test should not crash. Note: it takes about 14 minutes to run on a debug build.
+
+C = class {};
+for (var i = 0; i < 50000; ++i)
+ C = class extends C {};
+gc();
+
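Review bot: With `//@ skip` on the first line this test never runs, so nothing in the automated suite guards the destructor against regressing to recursion. Consider finding the smallest nesting depth that still crashes the unfixed build, or limiting the test to non-debug builds, so it can be enabled; the loop bound of 50000 is the only knob visible here. Separately, `C` is assigned without a declaration and becomes an implicit global; `var C = class {};` would state that intent.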