Title: [180639] trunk
Revision
180639
Author
benja...@webkit.org
Date
2015-02-25 14:32:58 -0800 (Wed, 25 Feb 2015)

Log Message

CodeBlock crashes when dumping op_push_name_scope
https://bugs.webkit.org/show_bug.cgi?id=141953

Patch by Benjamin Poulain <bpoul...@apple.com> on 2015-02-25
PerformanceTests/SunSpider:

Reviewed by Filip Pizlo.

* profiler-test.yaml:

Source/_javascript_Core:

Reviewed by Filip Pizlo and Csaba Osztrogonác.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* tests/stress/op-push-name-scope-crashes-profiler.js: Added.

Tools:

Reviewed by Filip Pizlo.

* Scripts/run-jsc-stress-tests:

Modified Paths

Added Paths

Diff

Modified: trunk/PerformanceTests/SunSpider/ChangeLog (180638 => 180639)


--- trunk/PerformanceTests/SunSpider/ChangeLog	2015-02-25 22:32:45 UTC (rev 180638)
+++ trunk/PerformanceTests/SunSpider/ChangeLog	2015-02-25 22:32:58 UTC (rev 180639)
@@ -1,3 +1,12 @@
+2015-02-25  Benjamin Poulain  <bpoul...@apple.com>
+
+        CodeBlock crashes when dumping op_push_name_scope
+        https://bugs.webkit.org/show_bug.cgi?id=141953
+
+        Reviewed by Filip Pizlo.
+
+        * profiler-test.yaml:
+
 2015-01-27  Csaba Osztrogonác  <o...@webkit.org>
 
         [Win] JSC profiler tests asserts in debug mode

Modified: trunk/PerformanceTests/SunSpider/profiler-test.yaml (180638 => 180639)


--- trunk/PerformanceTests/SunSpider/profiler-test.yaml	2015-02-25 22:32:45 UTC (rev 180638)
+++ trunk/PerformanceTests/SunSpider/profiler-test.yaml	2015-02-25 22:32:58 UTC (rev 180639)
@@ -25,9 +25,4 @@
 # with the runProfiler command.
 
 - path: tests/sunspider-1.0
-  cmd: |
-      if ($architecture !~ /x86/i and $hostOS == "darwin") or ($hostOS == "windows")
-          skip
-      else
-          runProfiler
-      end
+  cmd: runProfiler
\ No newline at end of file
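Review bot: the replacement `cmd: runProfiler` leaves profiler-test.yaml without a trailing newline (the `\ No newline at end of file` marker); restore it so the next touch to this file does not produce a spurious one-line diff. Moving the architecture and OS skip out of the yaml is reasonable, but the comment left above the entry (`# with the runProfiler command.`) is now the only hint that the skip decision lives elsewhere; a one-line pointer to `runProfiler` in Tools/Scripts/run-jsc-stress-tests would save the next reader a search.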

Modified: trunk/Source/_javascript_Core/ChangeLog (180638 => 180639)


--- trunk/Source/_javascript_Core/ChangeLog	2015-02-25 22:32:45 UTC (rev 180638)
+++ trunk/Source/_javascript_Core/ChangeLog	2015-02-25 22:32:58 UTC (rev 180639)
@@ -1,3 +1,14 @@
+2015-02-25  Benjamin Poulain  <bpoul...@apple.com>
+
+        CodeBlock crashes when dumping op_push_name_scope
+        https://bugs.webkit.org/show_bug.cgi?id=141953
+
+        Reviewed by Filip Pizlo and Csaba Osztrogonác.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpBytecode):
+        * tests/stress/op-push-name-scope-crashes-profiler.js: Added.
+
 2015-02-25  Benjamin Poulain  <benja...@webkit.org>
 
         Make ParserError immutable by design

Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (180638 => 180639)


--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2015-02-25 22:32:45 UTC (rev 180638)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2015-02-25 22:32:58 UTC (rev 180639)
@@ -1445,12 +1445,11 @@
         }
         case op_push_name_scope: {
             int dst = (++it)->u.operand;
-            int id0 = (++it)->u.operand;
             int r1 = (++it)->u.operand;
-            unsigned attributes = (++it)->u.operand;
+            int k0 = (++it)->u.operand;
             JSNameScope::Type scopeType = (JSNameScope::Type)(++it)->u.operand;
             printLocationAndOp(out, exec, location, it, "push_name_scope");
-            out.printf("%s, %s, %s, %u %s", registerName(dst).data(), idName(id0, identifier(id0)).data(), registerName(r1).data(), attributes, (scopeType == JSNameScope::FunctionNameScope) ? "functionScope" : ((scopeType == JSNameScope::CatchScope) ? "catchScope" : "unknownScopeType"));
+            out.printf("%s, %s, %s, %s", registerName(dst).data(), registerName(r1).data(), constantName(k0, getConstant(k0)).data(), (scopeType == JSNameScope::FunctionNameScope) ? "functionScope" : ((scopeType == JSNameScope::CatchScope) ? "catchScope" : "unknownScopeType"));
             break;
         }
         case op_catch: {
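Review bot: the fix relies on an operand layout for op_push_name_scope (dst, scope register, constant index, scope type) that is defined by the bytecode emitter and is not visible in this hunk; the old dumper consumed five operands (`dst`, `id0`, `r1`, `attributes`, `scopeType`) where the new code consumes four, and passed the second one to `idName(id0, identifier(id0))` as if it were an identifier-table index, which is how dumping an unrelated operand value as an identifier lookup could crash. Consider a short comment at this case cross-referencing the emitter's operand order, since `dumpBytecode` has no compile-time check that it reads exactly the instruction's operand count and a second divergence would fail the same way. Separately, the `"unknownScopeType"` fallback in the format string prints quietly for any `scopeType` other than `FunctionNameScope` and `CatchScope`; an assertion there would surface a future layout mismatch at the dump site rather than later.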

Added: trunk/Source/_javascript_Core/tests/stress/op-push-name-scope-crashes-profiler.js (0 => 180639)


--- trunk/Source/_javascript_Core/tests/stress/op-push-name-scope-crashes-profiler.js	                        (rev 0)
+++ trunk/Source/_javascript_Core/tests/stress/op-push-name-scope-crashes-profiler.js	2015-02-25 22:32:58 UTC (rev 180639)
@@ -0,0 +1,17 @@
+//@ runProfiler
+function test() {
+    (function functionName() {
+        ++counter;
+        if (!arguments[0])
+            return;
+        eval("functionName(arguments[0] - 1, functionName, '' + functionName);");
+     })(arguments[0]);
+}
+
+for (var i = 0; i < 10000; ++i) {
+    counter = 0;
+    test(100);
+    if (counter !== 101) {
+        throw "Oops, test(100) = " + test(100) + ", expected 101.";
+    }
+}
\ No newline at end of file
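Review bot: the `throw` message calls `test(100)` a second time; `test` returns nothing, so the message would read `test(100) = undefined`, and the extra call re-runs the recursion (and bumps `counter`) while reporting on it. Report the observed value instead, e.g. `throw "Oops, counter = " + counter + ", expected 101.";`. `counter` is also never declared (it is first assigned at `counter = 0` inside the loop), which works in sloppy mode but would throw under strict mode; a top-level `var counter;` makes the intent explicit. As with profiler-test.yaml, the new file ends without a trailing newline.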

Modified: trunk/Tools/ChangeLog (180638 => 180639)


--- trunk/Tools/ChangeLog	2015-02-25 22:32:45 UTC (rev 180638)
+++ trunk/Tools/ChangeLog	2015-02-25 22:32:58 UTC (rev 180639)
@@ -1,3 +1,12 @@
+2015-02-25  Benjamin Poulain  <bpoul...@apple.com>
+
+        CodeBlock crashes when dumping op_push_name_scope
+        https://bugs.webkit.org/show_bug.cgi?id=141953
+
+        Reviewed by Filip Pizlo.
+
+        * Scripts/run-jsc-stress-tests:
+
 2015-02-25  Youenn Fablet  <youenn.fab...@crf.canon.fr>
 
         W3C test importer should use argparse instead of optparse

Modified: trunk/Tools/Scripts/run-jsc-stress-tests (180638 => 180639)


--- trunk/Tools/Scripts/run-jsc-stress-tests	2015-02-25 22:32:45 UTC (rev 180638)
+++ trunk/Tools/Scripts/run-jsc-stress-tests	2015-02-25 22:32:58 UTC (rev 180639)
@@ -725,7 +725,7 @@
 end
 
 def runProfiler
-    if $remote
+    if $remote or ($architecture !~ /x86/i and $hostOS == "darwin") or ($hostOS == "windows")
         skip
         return
     end
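Review bot: the condition now folds three unrelated skip reasons into one line with no comment: the pre-existing `$remote`, non-x86 darwin, and windows. The Windows case at least has a visible rationale in the SunSpider ChangeLog entry immediately below the new one ("[Win] JSC profiler tests asserts in debug mode"); record that reason here, since `runProfiler` is now the single place deciding whether every `//@ runProfiler` test runs at all. That includes the newly added op-push-name-scope-crashes-profiler.js, so the regression test for this crash only runs where the new condition is false: x86 darwin, or a non-remote host that is neither darwin nor windows. Worth stating in the ChangeLog so nobody expects Windows coverage for this bug.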
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes