Title: [193491] trunk/Source/JavaScriptCore
Revision
193491
Author
msab...@apple.com
Date
2015-12-04 17:04:20 -0800 (Fri, 04 Dec 2015)

Log Message

CRASH: CodeBlock::setOptimizationThresholdBasedOnCompilationResult + 567
https://bugs.webkit.org/show_bug.cgi?id=151892

Reviewed by Mark Lam.

When the debugger is in the process of attaching and it recompiles functions
for debugging, there can also be a DFG compilation running concurrently.
When we go to update the optimization threshold and find that the replacement
is also baseline code, we shouldn't update the threshold.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (193490 => 193491)


--- trunk/Source/_javascript_Core/ChangeLog	2015-12-05 01:00:29 UTC (rev 193490)
+++ trunk/Source/_javascript_Core/ChangeLog	2015-12-05 01:04:20 UTC (rev 193491)
@@ -1,3 +1,18 @@
+2015-12-04  Michael Saboff  <msab...@apple.com>
+
+        CRASH: CodeBlock::setOptimizationThresholdBasedOnCompilationResult + 567
+        https://bugs.webkit.org/show_bug.cgi?id=151892
+
+        Reviewed by Mark Lam.
+
+        When the debugger is in the process of attaching and it recompiles functions
+        for debugging, there can also be a DFG compilation running concurrently.
+        When we go to update the optimization threshold and find that the replacement
+        is also baseline code, we shouldn't update the threshold.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
+
 2015-12-04  Jonathan Davis  <j...@apple.com>
 
         Update feature status for up-to-date status information.
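
Review bot: the added ChangeLog entry does not say how the fix was verified: no test is listed, and there is no statement that the case cannot be tested. Since the description is of a race between debugger attach and a concurrent DFG compilation, add a line naming the regression test or explaining why one is not practical.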

Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (193490 => 193491)


--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2015-12-05 01:00:29 UTC (rev 193490)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2015-12-05 01:04:20 UTC (rev 193491)
@@ -3705,6 +3705,12 @@
     }
     
     CodeBlock* theReplacement = replacement();
+
+    // If our replacement is baseline code, the debugger has probably attached and recompiled the function.
+    // No threshold to change.
+    if ((result == CompilationSuccessful) && (theReplacement->jitType() == JITCode::BaselineJIT))
+        return;
+
     if ((result == CompilationSuccessful) != (theReplacement != this)) {
         dataLog(*this, ": we have result = ", result, " but ");
         if (theReplacement == this)
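
Review bot: the new early return `if ((result == CompilationSuccessful) && (theReplacement->jitType() == JITCode::BaselineJIT))` sits ahead of the existing consistency check, so a successful compilation whose replacement is still `this` now returns silently whenever that block is baseline, and never reaches the `dataLog` diagnostic below. If only the debugger-recompile case is intended, consider also requiring `theReplacement != this`, or extend the comment to say why swallowing that case is safe, since "probably" leaves the condition as a heuristic. The added line also dereferences `theReplacement` with no null check; if `replacement()` can return null while the debugger is attaching, guard for that first.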