<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[185772] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/185772">185772</a></dd>
<dt>Author</dt> <dd>msaboff@apple.com</dd>
<dt>Date</dt> <dd>2015-06-19 15:28:18 -0700 (Fri, 19 Jun 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Crash in com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL::fixFunctionBasedOnStackMaps + 17225
https://bugs.webkit.org/show_bug.cgi?id=146133
Reviewed by Geoffrey Garen.
When generating code to put in inline caching areas, if there isn't enough space,
then create and link to an out of line area. We connect the inline code to this
out of line code area by planting a jump from the inline area to the out of line
code and appending a jump at the end of the out of line code bck to the instruction
following the inline area. We fill the unused inline area with nops, primarily to
ensure the disassembler doesn't get confused.
* ftl/FTLCompile.cpp:
(generateInlineIfPossibleOutOfLineIfNot): New function that determines if there is enough space
in the inline code area for the code to link. If so, it links inline, otherwise it links the
code out of line and plants appropriate jumps to/from the out of line code.
(generateICFastPath):
(generateCheckInICFastPath):
(fixFunctionBasedOnStackMaps):
Use generateInlineIfPossibleOutOfLineIfNot() to link code intended for inline cache space.
* ftl/FTLJITFinalizer.cpp:
(JSC::FTL::JITFinalizer::finalizeFunction):
* ftl/FTLJITFinalizer.h:
(JSC::FTL::OutOfLineCodeInfo::OutOfLineCodeInfo):
Added code to finalize any out of line LinkBuffer created by generateInlineIfPossibleOutOfLineIfNot().</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCompilecpp">trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLJITFinalizercpp">trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLJITFinalizerh">trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (185771 => 185772)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-06-19 22:24:55 UTC (rev 185771)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-06-19 22:28:18 UTC (rev 185772)
</span><span class="lines">@@ -1,3 +1,32 @@
</span><ins>+2015-06-19 Michael Saboff <msaboff@apple.com>
+
+ Crash in com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL::fixFunctionBasedOnStackMaps + 17225
+ https://bugs.webkit.org/show_bug.cgi?id=146133
+
+ Reviewed by Geoffrey Garen.
+
+ When generating code to put in inline caching areas, if there isn't enough space,
+ then create and link to an out of line area. We connect the inline code to this
+ out of line code area by planting a jump from the inline area to the out of line
+ code and appending a jump at the end of the out of line code bck to the instruction
+ following the inline area. We fill the unused inline area with nops, primarily to
+ ensure the disassembler doesn't get confused.
+
+ * ftl/FTLCompile.cpp:
+ (generateInlineIfPossibleOutOfLineIfNot): New function that determines if there is enough space
+ in the inline code area for the code to link. If so, it links inline, otherwise it links the
+ code out of line and plants appropriate jumps to/from the out of line code.
+ (generateICFastPath):
+ (generateCheckInICFastPath):
+ (fixFunctionBasedOnStackMaps):
+ Use generateInlineIfPossibleOutOfLineIfNot() to link code intended for inline cache space.
+
+ * ftl/FTLJITFinalizer.cpp:
+ (JSC::FTL::JITFinalizer::finalizeFunction):
+ * ftl/FTLJITFinalizer.h:
+ (JSC::FTL::OutOfLineCodeInfo::OutOfLineCodeInfo):
+ Added code to finalize any out of line LinkBuffer created by generateInlineIfPossibleOutOfLineIfNot().
+
</ins><span class="cx"> 2015-06-19 Geoffrey Garen <ggaren@apple.com>
</span><span class="cx">
</span><span class="cx"> WebKit crash while loading nytimes at JavaScriptCore: JSC::ExecutableAllocator::allocate + 276
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp (185771 => 185772)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp 2015-06-19 22:24:55 UTC (rev 185771)
+++ trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp 2015-06-19 22:28:18 UTC (rev 185772)
</span><span class="lines">@@ -155,6 +155,49 @@
</span><span class="cx"> return capturedLocation.addend() / sizeof(Register);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static void generateInlineIfPossibleOutOfLineIfNot(State& state, VM& vm, CodeBlock* codeBlock, CCallHelpers& code, char* startOfInlineCode, size_t sizeOfInlineCode, const char* codeDescription, const std::function<void(LinkBuffer&, CCallHelpers&, bool wasCompiledInline)>& callback)
+{
+ std::unique_ptr<LinkBuffer> codeLinkBuffer;
+ size_t actualCodeSize = code.m_assembler.buffer().codeSize();
+
+ if (actualCodeSize <= sizeOfInlineCode) {
+ LinkBuffer codeLinkBuffer(vm, code, startOfInlineCode, sizeOfInlineCode);
+
+ // Fill the remainder of the inline space with nops to avoid confusing the disassembler.
+ MacroAssembler::AssemblerType_T::fillNops(bitwise_cast<char*>(startOfInlineCode) + actualCodeSize, sizeOfInlineCode - actualCodeSize);
+
+ callback(codeLinkBuffer, code, true);
+
+ return;
+ }
+
+ // If there isn't enough space in the provided inline code area, allocate out of line
+ // executable memory to link the provided code. Place a jump at the beginning of the
+ // inline area and jump to the out of line code. Similarly return by appending a jump
+ // to the provided code that goes to the instruction after the inline code.
+ // Fill the middle with nop's.
+ MacroAssembler::Jump returnToMainline = code.jump();
+
+ // Allocate out of line executable memory and link the provided code there.
+ codeLinkBuffer = std::make_unique<LinkBuffer>(vm, code, codeBlock, JITCompilationMustSucceed);
+
+ // Plant a jmp in the inline buffer to the out of line code.
+ MacroAssembler callToOutOfLineCode;
+ MacroAssembler::Jump jumpToOutOfLine = callToOutOfLineCode.jump();
+ LinkBuffer inlineBuffer(vm, callToOutOfLineCode, startOfInlineCode, sizeOfInlineCode);
+ inlineBuffer.link(jumpToOutOfLine, codeLinkBuffer->entrypoint());
+
+ // Fill the remainder of the inline space with nops to avoid confusing the disassembler.
+ MacroAssembler::AssemblerType_T::fillNops(bitwise_cast<char*>(startOfInlineCode) + inlineBuffer.size(), sizeOfInlineCode - inlineBuffer.size());
+
+ // Link the end of the out of line code to right after the inline area.
+ codeLinkBuffer->link(returnToMainline, CodeLocationLabel(MacroAssemblerCodePtr::createFromExecutableAddress(startOfInlineCode)).labelAtOffset(sizeOfInlineCode));
+
+ callback(*codeLinkBuffer.get(), code, false);
+
+ state.finalizer->outOfLineCodeInfos.append(OutOfLineCodeInfo(WTF::move(codeLinkBuffer), codeDescription));
+}
+
</ins><span class="cx"> template<typename DescriptorType>
</span><span class="cx"> void generateICFastPath(
</span><span class="cx"> State& state, CodeBlock* codeBlock, GeneratedFunction generatedFunction,
</span><span class="lines">@@ -181,23 +224,16 @@
</span><span class="cx">
</span><span class="cx"> char* startOfIC =
</span><span class="cx"> bitwise_cast<char*>(generatedFunction) + record.instructionOffset;
</span><del>-
- LinkBuffer linkBuffer(vm, fastPathJIT, startOfIC, sizeOfIC);
- // Note: we could handle the !isValid() case. We just don't appear to have a
- // reason to do so, yet.
- RELEASE_ASSERT(linkBuffer.isValid());
-
- MacroAssembler::AssemblerType_T::fillNops(
- startOfIC + linkBuffer.size(), sizeOfIC - linkBuffer.size());
-
- state.finalizer->sideCodeLinkBuffer->link(
- ic.m_slowPathDone[i], CodeLocationLabel(startOfIC + sizeOfIC));
-
- linkBuffer.link(
- generator.slowPathJump(),
- state.finalizer->sideCodeLinkBuffer->locationOf(generator.slowPathBegin()));
-
- generator.finalize(linkBuffer, *state.finalizer->sideCodeLinkBuffer);
</del><ins>+
+ generateInlineIfPossibleOutOfLineIfNot(state, vm, codeBlock, fastPathJIT, startOfIC, sizeOfIC, "inline cache fast path", [&] (LinkBuffer& linkBuffer, CCallHelpers&, bool) {
+ state.finalizer->sideCodeLinkBuffer->link(ic.m_slowPathDone[i],
+ CodeLocationLabel(startOfIC + sizeOfIC));
+
+ linkBuffer.link(generator.slowPathJump(),
+ state.finalizer->sideCodeLinkBuffer->locationOf(generator.slowPathBegin()));
+
+ generator.finalize(linkBuffer, *state.finalizer->sideCodeLinkBuffer);
+ });
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -232,33 +268,29 @@
</span><span class="cx">
</span><span class="cx"> char* startOfIC =
</span><span class="cx"> bitwise_cast<char*>(generatedFunction) + record.instructionOffset;
</span><del>-
- LinkBuffer fastPath(vm, fastPathJIT, startOfIC, sizeOfIC);
- LinkBuffer& slowPath = *state.finalizer->sideCodeLinkBuffer;
- // Note: we could handle the !isValid() case. We just don't appear to have a
- // reason to do so, yet.
- RELEASE_ASSERT(fastPath.isValid());
</del><span class="cx">
</span><del>- MacroAssembler::AssemblerType_T::fillNops(
- startOfIC + fastPath.size(), sizeOfIC - fastPath.size());
-
- state.finalizer->sideCodeLinkBuffer->link(
- ic.m_slowPathDone[i], CodeLocationLabel(startOfIC + sizeOfIC));
-
- CodeLocationLabel slowPathBeginLoc = slowPath.locationOf(slowPathBegin);
- fastPath.link(jump, slowPathBeginLoc);
</del><ins>+ auto postLink = [&] (LinkBuffer& fastPath, CCallHelpers&, bool) {
+ LinkBuffer& slowPath = *state.finalizer->sideCodeLinkBuffer;
</ins><span class="cx">
</span><del>- CodeLocationCall callReturnLocation = slowPath.locationOf(call);
</del><ins>+ state.finalizer->sideCodeLinkBuffer->link(
+ ic.m_slowPathDone[i], CodeLocationLabel(startOfIC + sizeOfIC));
</ins><span class="cx">
</span><del>- stubInfo.patch.deltaCallToDone = MacroAssembler::differenceBetweenCodePtr(
- callReturnLocation, fastPath.locationOf(done));
</del><ins>+ CodeLocationLabel slowPathBeginLoc = slowPath.locationOf(slowPathBegin);
+ fastPath.link(jump, slowPathBeginLoc);
</ins><span class="cx">
</span><del>- stubInfo.patch.deltaCallToJump = MacroAssembler::differenceBetweenCodePtr(
- callReturnLocation, fastPath.locationOf(jump));
- stubInfo.callReturnLocation = callReturnLocation;
- stubInfo.patch.deltaCallToSlowCase = MacroAssembler::differenceBetweenCodePtr(
- callReturnLocation, slowPathBeginLoc);
-
</del><ins>+ CodeLocationCall callReturnLocation = slowPath.locationOf(call);
+
+ stubInfo.patch.deltaCallToDone = MacroAssembler::differenceBetweenCodePtr(
+ callReturnLocation, fastPath.locationOf(done));
+
+ stubInfo.patch.deltaCallToJump = MacroAssembler::differenceBetweenCodePtr(
+ callReturnLocation, fastPath.locationOf(jump));
+ stubInfo.callReturnLocation = callReturnLocation;
+ stubInfo.patch.deltaCallToSlowCase = MacroAssembler::differenceBetweenCodePtr(
+ callReturnLocation, slowPathBeginLoc);
+ };
+
+ generateInlineIfPossibleOutOfLineIfNot(state, vm, codeBlock, fastPathJIT, startOfIC, sizeOfIC, "CheckIn inline cache", postLink);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -559,19 +591,12 @@
</span><span class="cx">
</span><span class="cx"> CCallHelpers fastPathJIT(&vm, codeBlock);
</span><span class="cx"> call.emit(fastPathJIT);
</span><del>-
</del><ins>+
</ins><span class="cx"> char* startOfIC = bitwise_cast<char*>(generatedFunction) + call.m_instructionOffset;
</span><del>-
- LinkBuffer linkBuffer(vm, fastPathJIT, startOfIC, sizeOfCall());
- if (!linkBuffer.isValid()) {
- dataLog("Failed to insert inline cache for call because we thought the size would be ", sizeOfCall(), " but it ended up being ", fastPathJIT.m_assembler.codeSize(), " prior to compaction.\n");
- RELEASE_ASSERT_NOT_REACHED();
- }
-
- MacroAssembler::AssemblerType_T::fillNops(
- startOfIC + linkBuffer.size(), sizeOfCall() - linkBuffer.size());
-
- call.link(vm, linkBuffer);
</del><ins>+
+ generateInlineIfPossibleOutOfLineIfNot(state, vm, codeBlock, fastPathJIT, startOfIC, sizeOfCall(), "JSCall inline cache", [&] (LinkBuffer& linkBuffer, CCallHelpers&, bool) {
+ call.link(vm, linkBuffer);
+ });
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> adjustCallICsForStackmaps(state.jsCallVarargses, recordMap);
</span><span class="lines">@@ -581,20 +606,13 @@
</span><span class="cx">
</span><span class="cx"> CCallHelpers fastPathJIT(&vm, codeBlock);
</span><span class="cx"> call.emit(fastPathJIT, varargsSpillSlotsOffset);
</span><del>-
</del><ins>+
</ins><span class="cx"> char* startOfIC = bitwise_cast<char*>(generatedFunction) + call.m_instructionOffset;
</span><span class="cx"> size_t sizeOfIC = sizeOfICFor(call.node());
</span><span class="cx">
</span><del>- LinkBuffer linkBuffer(vm, fastPathJIT, startOfIC, sizeOfIC);
- if (!linkBuffer.isValid()) {
- dataLog("Failed to insert inline cache for varargs call (specifically, ", Graph::opName(call.node()->op()), ") because we thought the size would be ", sizeOfIC, " but it ended up being ", fastPathJIT.m_assembler.codeSize(), " prior to compaction.\n");
- RELEASE_ASSERT_NOT_REACHED();
- }
-
- MacroAssembler::AssemblerType_T::fillNops(
- startOfIC + linkBuffer.size(), sizeOfIC - linkBuffer.size());
-
- call.link(vm, linkBuffer, state.finalizer->handleExceptionsLinkBuffer->entrypoint());
</del><ins>+ generateInlineIfPossibleOutOfLineIfNot(state, vm, codeBlock, fastPathJIT, startOfIC, sizeOfIC, "varargs call inline cache", [&] (LinkBuffer& linkBuffer, CCallHelpers&, bool) {
+ call.link(vm, linkBuffer, state.finalizer->handleExceptionsLinkBuffer->entrypoint());
+ });
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RepatchBuffer repatchBuffer(codeBlock);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLJITFinalizercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp (185771 => 185772)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp 2015-06-19 22:24:55 UTC (rev 185771)
+++ trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp 2015-06-19 22:28:18 UTC (rev 185772)
</span><span class="lines">@@ -127,7 +127,13 @@
</span><span class="cx"> toCString(CodeBlockWithJITType(m_plan.codeBlock.get(), JITCode::FTLJIT)).data()))
</span><span class="cx"> .executableMemory());
</span><span class="cx"> }
</span><del>-
</del><ins>+
+ for (unsigned i = 0; i < outOfLineCodeInfos.size(); ++i) {
+ jitCode->addHandle(FINALIZE_DFG_CODE(
+ *outOfLineCodeInfos[i].m_linkBuffer,
+ ("FTL out of line code for %s", outOfLineCodeInfos[i].m_codeDescription)).executableMemory());
+ }
+
</ins><span class="cx"> jitCode->initializeArityCheckEntrypoint(
</span><span class="cx"> FINALIZE_DFG_CODE(
</span><span class="cx"> *entrypointLinkBuffer,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLJITFinalizerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.h (185771 => 185772)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.h 2015-06-19 22:24:55 UTC (rev 185771)
+++ trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.h 2015-06-19 22:28:18 UTC (rev 185772)
</span><span class="lines">@@ -39,11 +39,23 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace FTL {
</span><span class="cx">
</span><ins>+class OutOfLineCodeInfo {
+public:
+ OutOfLineCodeInfo(std::unique_ptr<LinkBuffer> linkBuffer, const char* codeDescription)
+ : m_linkBuffer(WTF::move(linkBuffer))
+ , m_codeDescription(codeDescription)
+ {
+ }
+
+ std::unique_ptr<LinkBuffer> m_linkBuffer;
+ const char* m_codeDescription;
+};
+
</ins><span class="cx"> class JITFinalizer : public DFG::Finalizer {
</span><span class="cx"> public:
</span><span class="cx"> JITFinalizer(DFG::Plan&);
</span><span class="cx"> virtual ~JITFinalizer();
</span><del>-
</del><ins>+
</ins><span class="cx"> size_t codeSize() override;
</span><span class="cx"> bool finalize() override;
</span><span class="cx"> bool finalizeFunction() override;
</span><span class="lines">@@ -52,6 +64,7 @@
</span><span class="cx"> std::unique_ptr<LinkBuffer> entrypointLinkBuffer;
</span><span class="cx"> std::unique_ptr<LinkBuffer> sideCodeLinkBuffer;
</span><span class="cx"> std::unique_ptr<LinkBuffer> handleExceptionsLinkBuffer;
</span><ins>+ Vector<OutOfLineCodeInfo> outOfLineCodeInfos;
</ins><span class="cx"> Vector<SlowPathCall> slowPathCalls; // Calls inside the side code.
</span><span class="cx"> Vector<OSRExitCompilationInfo> osrExit;
</span><span class="cx"> GeneratedFunction function;
</span></span></pre>
</div>
</div>
</body>
</html>