Google Git
Sign in
webkit / WebKit / b27e24ad236d9cb5ca71d305f1d174e462bfcd18^! / . / Source / JavaScriptCore / dfg / DFGOSRExitCompilerCommon.cpp
commitb27e24ad236d9cb5ca71d305f1d174e462bfcd18[log] [tgz]
authormhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jun 13 22:18:52 2014 +0000
committermhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jun 13 22:18:52 2014 +0000
tree324c56e31e20b0c68f355e45ef7e3896e9bbda55
parent4f2878a36943b58aec5a2ebc4d43c9b04d7793c6 [diff] [blame]
OSR exit should barrier the Executables for all InlineCallFrames, not just those on the stack at the time of exit
https://bugs.webkit.org/show_bug.cgi?id=133880

Reviewed by Filip Pizlo.

Source/JavaScriptCore:
We could have exited due to a value received from an inlined block that's no longer on
the stack, so we should just barrier all InlineCallFrames.

* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::adjustAndJumpToTarget):

Source/WTF:
* wtf/Bag.h:
(WTF::Bag::iterator::operator!=): Add != to the Bag iterator so we can use it in range-based iteration.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@169951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp b/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
index e0ec4dd..8c7dcce 100644
--- a/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp

@@ -199,13 +199,16 @@
 void adjustAndJumpToTarget(CCallHelpers& jit, const OSRExitBase& exit)
 {
 #if ENABLE(GGC) 
-    // 11) Write barrier the owner executable because we're jumping into a different block.
-    for (CodeOrigin codeOrigin = exit.m_codeOrigin; ; codeOrigin = codeOrigin.inlineCallFrame->caller) {
-        CodeBlock* baselineCodeBlock = jit.baselineCodeBlockFor(codeOrigin);
-        jit.move(AssemblyHelpers::TrustedImmPtr(baselineCodeBlock->ownerExecutable()), GPRInfo::nonArgGPR0); 
-        osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
-        if (!codeOrigin.inlineCallFrame)
-            break;
+    // 11) Write barrier the owner executables because we're jumping into a different block.
+    jit.move(AssemblyHelpers::TrustedImmPtr(jit.codeBlock()->ownerExecutable()), GPRInfo::nonArgGPR0);
+    osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
+    InlineCallFrameSet* inlineCallFrames = jit.codeBlock()->jitCode()->dfgCommon()->inlineCallFrames.get();
+    if (inlineCallFrames) {
+        for (InlineCallFrame* inlineCallFrame : *inlineCallFrames) {
+            ScriptExecutable* ownerExecutable = inlineCallFrame->executable.get();
+            jit.move(AssemblyHelpers::TrustedImmPtr(ownerExecutable), GPRInfo::nonArgGPR0); 
+            osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
+        }
     }
 #endif