Title: [196996] trunk/Source/_javascript_Core
- Revision
- 196996
- Author
- fpi...@apple.com
- Date
- 2016-02-23 14:17:24 -0800 (Tue, 23 Feb 2016)
Log Message
B3::Value doesn't self-destruct virtually enough (Causes many leaks in LowerDFGToB3::appendOSRExit)
https://bugs.webkit.org/show_bug.cgi?id=154592
Reviewed by Saam Barati.
If Foo has a virtual destructor, then:
foo->Foo::~Foo() does a non-virtual call to Foo's destructor. Even if foo points to a
subclass of Foo that overrides the destructor, this syntax will not call that override.
foo->~Foo() does a virtual call to the destructor, and so if foo points to a subclass, you
get the subclass's override.
In B3, we used this->Value::~Value() thinking that it would call the subclass's override.
This caused leaks because this didn't actually call the subclass's override. This fixes the
problem by using this->~Value() instead.
* b3/B3ControlValue.cpp:
(JSC::B3::ControlValue::convertToJump):
(JSC::B3::ControlValue::convertToOops):
* b3/B3Value.cpp:
(JSC::B3::Value::replaceWithIdentity):
(JSC::B3::Value::replaceWithNop):
(JSC::B3::Value::replaceWithPhi):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (196995 => 196996)
--- trunk/Source/_javascript_Core/ChangeLog 2016-02-23 22:08:09 UTC (rev 196995)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-02-23 22:17:24 UTC (rev 196996)
@@ -1,3 +1,30 @@
+2016-02-23 Filip Pizlo <fpi...@apple.com>
+
+ B3::Value doesn't self-destruct virtually enough (Causes many leaks in LowerDFGToB3::appendOSRExit)
+ https://bugs.webkit.org/show_bug.cgi?id=154592
+
+ Reviewed by Saam Barati.
+
+ If Foo has a virtual destructor, then:
+
+ foo->Foo::~Foo() does a non-virtual call to Foo's destructor. Even if foo points to a
+ subclass of Foo that overrides the destructor, this syntax will not call that override.
+
+ foo->~Foo() does a virtual call to the destructor, and so if foo points to a subclass, you
+ get the subclass's override.
+
+ In B3, we used this->Value::~Value() thinking that it would call the subclass's override.
+ This caused leaks because this didn't actually call the subclass's override. This fixes the
+ problem by using this->~Value() instead.
+
+ * b3/B3ControlValue.cpp:
+ (JSC::B3::ControlValue::convertToJump):
+ (JSC::B3::ControlValue::convertToOops):
+ * b3/B3Value.cpp:
+ (JSC::B3::Value::replaceWithIdentity):
+ (JSC::B3::Value::replaceWithNop):
+ (JSC::B3::Value::replaceWithPhi):
+
2016-02-23 Brian Burg <bb...@apple.com>
Web Inspector: the protocol generator's Objective-C name prefix should be configurable
Modified: trunk/Source/_javascript_Core/b3/B3ControlValue.cpp (196995 => 196996)
--- trunk/Source/_javascript_Core/b3/B3ControlValue.cpp 2016-02-23 22:08:09 UTC (rev 196995)
+++ trunk/Source/_javascript_Core/b3/B3ControlValue.cpp 2016-02-23 22:17:24 UTC (rev 196996)
@@ -57,7 +57,7 @@
Origin origin = this->origin();
BasicBlock* owner = this->owner;
- this->ControlValue::~ControlValue();
+ this->~ControlValue();
new (this) ControlValue(Jump, origin, FrequentedBlock(destination));
@@ -71,7 +71,7 @@
Origin origin = this->origin();
BasicBlock* owner = this->owner;
- this->ControlValue::~ControlValue();
+ this->~ControlValue();
new (this) ControlValue(Oops, origin);
Modified: trunk/Source/_javascript_Core/b3/B3Value.cpp (196995 => 196996)
--- trunk/Source/_javascript_Core/b3/B3Value.cpp 2016-02-23 22:08:09 UTC (rev 196995)
+++ trunk/Source/_javascript_Core/b3/B3Value.cpp 2016-02-23 22:17:24 UTC (rev 196996)
@@ -71,7 +71,7 @@
RELEASE_ASSERT(type == value->type());
- this->Value::~Value();
+ this->~Value();
new (this) Value(Identity, type, origin, value);
@@ -85,7 +85,7 @@
Origin origin = m_origin;
BasicBlock* owner = this->owner;
- this->Value::~Value();
+ this->~Value();
new (this) Value(Nop, Void, origin);
@@ -105,7 +105,7 @@
BasicBlock* owner = this->owner;
Type type = m_type;
- this->Value::~Value();
+ this->~Value();
new (this) Value(Phi, type, origin);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
