Title: [115253] trunk/Source/_javascript_Core
Revision
115253
Author
oli...@apple.com
Date
2012-04-25 16:01:08 -0700 (Wed, 25 Apr 2012)

Log Message

Biolab disaster crashes on ToT
https://bugs.webkit.org/show_bug.cgi?id=84898

Reviewed by Filip Pizlo.

Whoops, committed without saving reviewer requested change.

* dfg/DFGVirtualRegisterAllocationPhase.cpp:
(JSC::DFG::VirtualRegisterAllocationPhase::run):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (115252 => 115253)


--- trunk/Source/_javascript_Core/ChangeLog	2012-04-25 22:58:08 UTC (rev 115252)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-04-25 23:01:08 UTC (rev 115253)
@@ -5,6 +5,18 @@
 
         Reviewed by Filip Pizlo.
 
+        Whoops, committed without saving reviewer requested change.
+
+        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+        (JSC::DFG::VirtualRegisterAllocationPhase::run):
+
+2012-04-25  Oliver Hunt  <oli...@apple.com>
+
+        Biolab disaster crashes on ToT
+        https://bugs.webkit.org/show_bug.cgi?id=84898
+
+        Reviewed by Filip Pizlo.
+
         I recently added an assertion to the Interpreter to catch incorrect
         updates of topCallFrame.  This caused a bunch of sites (including biolab
         disaster) to crash as we were not correctly handling callee registers
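Review bot: the new ChangeLog text at lines 8-11 ("Whoops, committed without saving reviewer requested change." plus the bare file/function list) does not say what the reviewer-requested change actually is, so the entry only makes sense next to the source diff; suggest one line under the function name, such as "Use baselineCodeBlockForInlineCallFrame() instead of computing the baseline CodeBlock inline." Also note that the inserted entry header at lines 13-18 repeats the bug title, URL and "Reviewed by Filip Pizlo." of the entry above it, which is the usual WebKit pattern for a follow-up fix, but a reader should confirm the description starting "I recently added an assertion..." now belongs to the second (original) entry and not the follow-up.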

Modified: trunk/Source/_javascript_Core/dfg/DFGVirtualRegisterAllocationPhase.cpp (115252 => 115253)


--- trunk/Source/_javascript_Core/dfg/DFGVirtualRegisterAllocationPhase.cpp	2012-04-25 22:58:08 UTC (rev 115252)
+++ trunk/Source/_javascript_Core/dfg/DFGVirtualRegisterAllocationPhase.cpp	2012-04-25 23:01:08 UTC (rev 115253)
@@ -112,7 +112,7 @@
         size_t inlineCallFrameCount = codeBlock()->inlineCallFrames().size();
         for (size_t i = 0; i < inlineCallFrameCount; i++) {
             InlineCallFrame& inlineCallFrame = codeBlock()->inlineCallFrames()[i];
-            CodeBlock* codeBlock = jsCast<FunctionExecutable*>(inlineCallFrame.executable.get())->baselineCodeBlockFor(inlineCallFrame.isCall ? CodeForCall : CodeForConstruct);
+            CodeBlock* codeBlock = baselineCodeBlockForInlineCallFrame(&inlineCallFrame);
             unsigned requiredCalleeRegisters = inlineCallFrame.stackOffset + codeBlock->m_numCalleeRegisters;
             if (requiredCalleeRegisters > calleeRegisters)
                 calleeRegisters = requiredCalleeRegisters;
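Review bot: the helper `baselineCodeBlockForInlineCallFrame()` introduced on the `+` line is not declared or defined anywhere in this diff, so the reviewer cannot see from the patch that it selects `CodeForCall` vs `CodeForConstruct` from `inlineCallFrame.isCall` the way the removed `jsCast<FunctionExecutable*>(...)->baselineCodeBlockFor(...)` expression did; please point at where it lives (or include it) so the equivalence can be checked. Two smaller points in the same hunk: the local `CodeBlock* codeBlock` shadows the `codeBlock()` accessor used two lines above it (`codeBlock()->inlineCallFrames()[i]`), which is easy to misread, so a name such as `inlineeCodeBlock` would help; and, as before this change, the result is dereferenced unconditionally at `codeBlock->m_numCalleeRegisters`, so if the helper can ever return null for an inline call frame that should be an `ASSERT` here rather than a silent crash.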
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes