Google Git
Sign in
webkit / WebKit / 63dda94c977a7ee6ba19f28fe57414b99d9554cb
commit63dda94c977a7ee6ba19f28fe57414b99d9554cb[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat Aug 04 01:01:27 2012 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sat Aug 04 01:01:27 2012 +0000
treed58e179d6c3e0d66aefb0b646980dc765622370d
parent7919753a73ef6cef1bae80204ba8811f7f375a07 [diff]
Crashes in dfgBuildPutByIdList when clicking on just about anything on Google Maps
https://bugs.webkit.org/show_bug.cgi?id=92691

Reviewed by Mark Hahnenberg.

The state of the stubs was changing after we determined the type (by virtue of the slow path
function that was called), since the get or put (in this case put) could cause arbitrary
side effects. Perhaps a full-blown fix would be to eliminate our reliance of the slow path
function to determine what to do, but an easier fix for now is to have the slow path give up
if its assumptions were invalidated by a side effect.

* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124678 268f45cc-cd09-0410-ab3c-d52691b4dbfc
3 files changed
tree: d58e179d6c3e0d66aefb0b646980dc765622370d
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. .qmake.conf
  14. autogen.sh
  15. ChangeLog
  16. ChangeLog-2012-05-22
  17. CMakeLists.txt
  18. configure.ac
  19. GNUmakefile.am
  20. Makefile
  21. Makefile.shared
  22. WebKit.pro
  23. wscript