<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[204362] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/204362">204362</a></dd>
<dt>Author</dt> <dd>msaboff@apple.com</dd>
<dt>Date</dt> <dd>2016-08-10 16:45:05 -0700 (Wed, 10 Aug 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Baseline GetByVal and PutByVal for cache ID stubs need to handle exceptions
https://bugs.webkit.org/show_bug.cgi?id=160749
Reviewed by Filip Pizlo.
JSTests:
New test that causes baseline GetByValWithCachedId and PutByValWithCachedId
stubs to be generated and then throws exceptions for those stub to handle
to verify that they are properly handled.
* stress/regress-160749.js: Added.
(testCachedGetByVal.):
(testCachedGetByVal.get for):
(testCachedGetByVal):
(testCachedPutByVal.):
(testCachedPutByVal.set for):
(testCachedPutByVal):
Source/JavaScriptCore:
We were emitting "callOperation()" calls in emitGetByValWithCachedId() and
emitPutByValWithCachedId() without linking the exception checks created by the
code emitted. This manifested itself in various ways depending on the processor.
This is due to what the destination is for an unlinked branch. On X86, an unlinked
branch goes tot he next instructions. On ARM64, we end up with an infinite loop
as we branch to the same instruction. On ARM we branch to 0 as the branch is to
an absolute address of 0.
Now we save the exception handler address for the original generated function and
link the exception cases for these by-val stubs to this handler.
* bytecode/ByValInfo.h:
(JSC::ByValInfo::ByValInfo): Added the address of the exception handler we should
link to.
* jit/JIT.cpp:
(JSC::JIT::link): Compute the linked exception handler address and pass it to
the ByValInfo constructor.
(JSC::JIT::privateCompileExceptionHandlers): Make sure that we generate the
exception handler if we have any by-val handlers.
* jit/JIT.h:
Added a label for the exception handler. We'll link this later for the
by value handlers.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByValWithCachedId):
(JSC::JIT::privateCompilePutByValWithCachedId):
Link exception branches to the exception handler for the main function.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeByValInfoh">trunk/Source/JavaScriptCore/bytecode/ByValInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITcpp">trunk/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITh">trunk/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccesscpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkJSTestsstressregress160749js">trunk/JSTests/stress/regress-160749.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (204361 => 204362)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog 2016-08-10 23:30:24 UTC (rev 204361)
+++ trunk/JSTests/ChangeLog 2016-08-10 23:45:05 UTC (rev 204362)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2016-08-10 Michael Saboff <msaboff@apple.com>
+
+ Baseline GetByVal and PutByVal for cache ID stubs need to handle exceptions
+ https://bugs.webkit.org/show_bug.cgi?id=160749
+
+ Reviewed by Filip Pizlo.
+
+ New test that causes baseline GetByValWithCachedId and PutByValWithCachedId
+ stubs to be generated and then throws exceptions for those stub to handle
+ to verify that they are properly handled.
+
+ * stress/regress-160749.js: Added.
+ (testCachedGetByVal.):
+ (testCachedGetByVal.get for):
+ (testCachedGetByVal):
+ (testCachedPutByVal.):
+ (testCachedPutByVal.set for):
+ (testCachedPutByVal):
+
</ins><span class="cx"> 2016-08-10 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> DFG's flushForTerminal() needs to add PhantomLocals for bytecode live locals.
</span></span></pre></div>
<a id="trunkJSTestsstressregress160749js"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/regress-160749.js (0 => 204362)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/regress-160749.js (rev 0)
+++ trunk/JSTests/stress/regress-160749.js 2016-08-10 23:45:05 UTC (rev 204362)
</span><span class="lines">@@ -0,0 +1,91 @@
</span><ins>+// Regression test for 160749. This test should not exit with an error or crash.
+// Check that the Baseline JIT GetByValWithCacheId and PutByValWithCahcedId stubs properly handle exceptions.
+
+function testCachedGetByVal()
+{
+ o = { };
+ o['a'] = 42;
+
+ let result = 0;
+ let loopCount = 100000;
+ let interationToChange = 90000;
+ let expectedResult = 42 * interationToChange;
+ let exceptions = 0;
+ let expectedExceptions = loopCount - interationToChange;
+
+ for (let i = 0; i < loopCount; i++) {
+ if (i == interationToChange) {
+ Object.defineProperty(o, "a", {
+ enumerable: true,
+ get: function() { throw "error"; return 100; }
+ });
+ }
+
+ for (let v in o) {
+ try {
+ result += o[v.toString()];
+ } catch(e) {
+ if (e == "error")
+ exceptions++;
+ else
+ throw "Got wrong exception \"" + e + "\"";
+ }
+ }
+ }
+
+ if (result != expectedResult)
+ throw "Expected a result of " + expectedResult + ", but got " + result;
+ if (exceptions != expectedExceptions)
+ throw "1 Expected " + expectedExceptions + " exceptions, but got " + exceptions;
+}
+
+noDFG(testCachedGetByVal);
+
+function testCachedPutByVal()
+{
+ o = { };
+ o['a'] = 0;
+
+ let result = 0;
+ let loopCount = 100000;
+ let iterationToChange = 90000;
+ let exceptions = 0;
+ let expectedExceptions = loopCount - iterationToChange;
+
+ for (let i = 0; i < loopCount; i++) {
+ if (i == iterationToChange) {
+ result = o.a;
+ Object.defineProperty(o, "_a", {
+ enumerable: false,
+ value: -1
+ });
+ Object.defineProperty(o, "a", {
+ enumerable: true,
+ set: function(v) { throw "error"; o._a = v; }
+ });
+ }
+
+ for (let v in o) {
+ try {
+ o[v.toString()] = i + 1;
+ } catch(e) {
+ if (e == "error")
+ exceptions++;
+ else
+ throw "Got wrong exception \"" + e + "\"";
+ }
+ }
+ }
+
+ if (result != iterationToChange)
+ throw "Expected a result of " + result + ", but got " + o.a;
+ if (o._a != -1)
+ throw "Expected o._b to -1, but it is " + o._a;
+ if (exceptions != expectedExceptions)
+ throw "Expected " + expectedExceptions + " exceptions, but got " + exceptions;
+}
+
+noDFG(testCachedPutByVal);
+
+testCachedGetByVal();
+testCachedPutByVal();
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (204361 => 204362)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-08-10 23:30:24 UTC (rev 204361)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-08-10 23:45:05 UTC (rev 204362)
</span><span class="lines">@@ -1,3 +1,40 @@
</span><ins>+2016-08-10 Michael Saboff <msaboff@apple.com>
+
+ Baseline GetByVal and PutByVal for cache ID stubs need to handle exceptions
+ https://bugs.webkit.org/show_bug.cgi?id=160749
+
+ Reviewed by Filip Pizlo.
+
+ We were emitting "callOperation()" calls in emitGetByValWithCachedId() and
+ emitPutByValWithCachedId() without linking the exception checks created by the
+ code emitted. This manifested itself in various ways depending on the processor.
+ This is due to what the destination is for an unlinked branch. On X86, an unlinked
+ branch goes tot he next instructions. On ARM64, we end up with an infinite loop
+ as we branch to the same instruction. On ARM we branch to 0 as the branch is to
+ an absolute address of 0.
+
+ Now we save the exception handler address for the original generated function and
+ link the exception cases for these by-val stubs to this handler.
+
+ * bytecode/ByValInfo.h:
+ (JSC::ByValInfo::ByValInfo): Added the address of the exception handler we should
+ link to.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::link): Compute the linked exception handler address and pass it to
+ the ByValInfo constructor.
+ (JSC::JIT::privateCompileExceptionHandlers): Make sure that we generate the
+ exception handler if we have any by-val handlers.
+
+ * jit/JIT.h:
+ Added a label for the exception handler. We'll link this later for the
+ by value handlers.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByValWithCachedId):
+ (JSC::JIT::privateCompilePutByValWithCachedId):
+ Link exception branches to the exception handler for the main function.
+
</ins><span class="cx"> 2016-08-10 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> DFG's flushForTerminal() needs to add PhantomLocals for bytecode live locals.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeByValInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ByValInfo.h (204361 => 204362)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ByValInfo.h 2016-08-10 23:30:24 UTC (rev 204361)
+++ trunk/Source/JavaScriptCore/bytecode/ByValInfo.h 2016-08-10 23:45:05 UTC (rev 204362)
</span><span class="lines">@@ -207,10 +207,11 @@
</span><span class="cx"> struct ByValInfo {
</span><span class="cx"> ByValInfo() { }
</span><span class="cx">
</span><del>- ByValInfo(unsigned bytecodeIndex, CodeLocationJump notIndexJump, CodeLocationJump badTypeJump, JITArrayMode arrayMode, ArrayProfile* arrayProfile, int16_t badTypeJumpToDone, int16_t badTypeJumpToNextHotPath, int16_t returnAddressToSlowPath)
</del><ins>+ ByValInfo(unsigned bytecodeIndex, CodeLocationJump notIndexJump, CodeLocationJump badTypeJump, CodeLocationLabel exceptionHandler, JITArrayMode arrayMode, ArrayProfile* arrayProfile, int16_t badTypeJumpToDone, int16_t badTypeJumpToNextHotPath, int16_t returnAddressToSlowPath)
</ins><span class="cx"> : bytecodeIndex(bytecodeIndex)
</span><span class="cx"> , notIndexJump(notIndexJump)
</span><span class="cx"> , badTypeJump(badTypeJump)
</span><ins>+ , exceptionHandler(exceptionHandler)
</ins><span class="cx"> , arrayMode(arrayMode)
</span><span class="cx"> , arrayProfile(arrayProfile)
</span><span class="cx"> , badTypeJumpToDone(badTypeJumpToDone)
</span><span class="lines">@@ -226,6 +227,7 @@
</span><span class="cx"> unsigned bytecodeIndex;
</span><span class="cx"> CodeLocationJump notIndexJump;
</span><span class="cx"> CodeLocationJump badTypeJump;
</span><ins>+ CodeLocationLabel exceptionHandler;
</ins><span class="cx"> JITArrayMode arrayMode; // The array mode that was baked into the inline JIT code.
</span><span class="cx"> ArrayProfile* arrayProfile;
</span><span class="cx"> int16_t badTypeJumpToDone;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.cpp (204361 => 204362)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.cpp 2016-08-10 23:30:24 UTC (rev 204361)
+++ trunk/Source/JavaScriptCore/jit/JIT.cpp 2016-08-10 23:45:05 UTC (rev 204362)
</span><span class="lines">@@ -725,27 +725,33 @@
</span><span class="cx"> for (unsigned i = m_putByIds.size(); i--;)
</span><span class="cx"> m_putByIds[i].finalize(patchBuffer);
</span><span class="cx">
</span><del>- for (const auto& byValCompilationInfo : m_byValCompilationInfo) {
- PatchableJump patchableNotIndexJump = byValCompilationInfo.notIndexJump;
- CodeLocationJump notIndexJump = CodeLocationJump();
- if (Jump(patchableNotIndexJump).isSet())
- notIndexJump = CodeLocationJump(patchBuffer.locationOf(patchableNotIndexJump));
- CodeLocationJump badTypeJump = CodeLocationJump(patchBuffer.locationOf(byValCompilationInfo.badTypeJump));
- CodeLocationLabel doneTarget = patchBuffer.locationOf(byValCompilationInfo.doneTarget);
- CodeLocationLabel nextHotPathTarget = patchBuffer.locationOf(byValCompilationInfo.nextHotPathTarget);
- CodeLocationLabel slowPathTarget = patchBuffer.locationOf(byValCompilationInfo.slowPathTarget);
- CodeLocationCall returnAddress = patchBuffer.locationOf(byValCompilationInfo.returnAddress);
</del><ins>+ if (m_byValCompilationInfo.size()) {
+ CodeLocationLabel exceptionHandler = patchBuffer.locationOf(m_exceptionHandler);
</ins><span class="cx">
</span><del>- *byValCompilationInfo.byValInfo = ByValInfo(
- byValCompilationInfo.bytecodeIndex,
- notIndexJump,
- badTypeJump,
- byValCompilationInfo.arrayMode,
- byValCompilationInfo.arrayProfile,
- differenceBetweenCodePtr(badTypeJump, doneTarget),
- differenceBetweenCodePtr(badTypeJump, nextHotPathTarget),
- differenceBetweenCodePtr(returnAddress, slowPathTarget));
</del><ins>+ for (const auto& byValCompilationInfo : m_byValCompilationInfo) {
+ PatchableJump patchableNotIndexJump = byValCompilationInfo.notIndexJump;
+ CodeLocationJump notIndexJump = CodeLocationJump();
+ if (Jump(patchableNotIndexJump).isSet())
+ notIndexJump = CodeLocationJump(patchBuffer.locationOf(patchableNotIndexJump));
+ CodeLocationJump badTypeJump = CodeLocationJump(patchBuffer.locationOf(byValCompilationInfo.badTypeJump));
+ CodeLocationLabel doneTarget = patchBuffer.locationOf(byValCompilationInfo.doneTarget);
+ CodeLocationLabel nextHotPathTarget = patchBuffer.locationOf(byValCompilationInfo.nextHotPathTarget);
+ CodeLocationLabel slowPathTarget = patchBuffer.locationOf(byValCompilationInfo.slowPathTarget);
+ CodeLocationCall returnAddress = patchBuffer.locationOf(byValCompilationInfo.returnAddress);
+
+ *byValCompilationInfo.byValInfo = ByValInfo(
+ byValCompilationInfo.bytecodeIndex,
+ notIndexJump,
+ badTypeJump,
+ exceptionHandler,
+ byValCompilationInfo.arrayMode,
+ byValCompilationInfo.arrayProfile,
+ differenceBetweenCodePtr(badTypeJump, doneTarget),
+ differenceBetweenCodePtr(badTypeJump, nextHotPathTarget),
+ differenceBetweenCodePtr(returnAddress, slowPathTarget));
+ }
</ins><span class="cx"> }
</span><ins>+
</ins><span class="cx"> for (unsigned i = 0; i < m_callCompilationInfo.size(); ++i) {
</span><span class="cx"> CallCompilationInfo& compilationInfo = m_callCompilationInfo[i];
</span><span class="cx"> CallLinkInfo& info = *compilationInfo.callLinkInfo;
</span><span class="lines">@@ -825,7 +831,8 @@
</span><span class="cx"> jumpToExceptionHandler();
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (!m_exceptionChecks.empty()) {
</del><ins>+ if (!m_exceptionChecks.empty() || m_byValCompilationInfo.size()) {
+ m_exceptionHandler = label();
</ins><span class="cx"> m_exceptionChecks.link(this);
</span><span class="cx">
</span><span class="cx"> copyCalleeSavesToVMEntryFrameCalleeSavesBuffer();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.h (204361 => 204362)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.h 2016-08-10 23:30:24 UTC (rev 204361)
+++ trunk/Source/JavaScriptCore/jit/JIT.h 2016-08-10 23:45:05 UTC (rev 204362)
</span><span class="lines">@@ -943,6 +943,7 @@
</span><span class="cx">
</span><span class="cx"> JumpList m_exceptionChecks;
</span><span class="cx"> JumpList m_exceptionChecksWithCallFrameRollback;
</span><ins>+ Label m_exceptionHandler;
</ins><span class="cx">
</span><span class="cx"> unsigned m_getByIdIndex;
</span><span class="cx"> unsigned m_putByIdIndex;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (204361 => 204362)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2016-08-10 23:30:24 UTC (rev 204361)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2016-08-10 23:45:05 UTC (rev 204362)
</span><span class="lines">@@ -1331,6 +1331,8 @@
</span><span class="cx"> patchBuffer.link(slowCases, CodeLocationLabel(MacroAssemblerCodePtr::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
</span><span class="cx"> patchBuffer.link(fastDoneCase, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
</span><span class="cx"> patchBuffer.link(slowDoneCase, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToNextHotPath));
</span><ins>+ if (!m_exceptionChecks.empty())
+ patchBuffer.link(m_exceptionChecks, byValInfo->exceptionHandler);
</ins><span class="cx">
</span><span class="cx"> for (const auto& callSite : m_calls) {
</span><span class="cx"> if (callSite.to)
</span><span class="lines">@@ -1419,6 +1421,9 @@
</span><span class="cx"> LinkBuffer patchBuffer(*m_vm, *this, m_codeBlock);
</span><span class="cx"> patchBuffer.link(slowCases, CodeLocationLabel(MacroAssemblerCodePtr::createFromExecutableAddress(returnAddress.value())).labelAtOffset(byValInfo->returnAddressToSlowPath));
</span><span class="cx"> patchBuffer.link(doneCases, byValInfo->badTypeJump.labelAtOffset(byValInfo->badTypeJumpToDone));
</span><ins>+ if (!m_exceptionChecks.empty())
+ patchBuffer.link(m_exceptionChecks, byValInfo->exceptionHandler);
+
</ins><span class="cx"> for (const auto& callSite : m_calls) {
</span><span class="cx"> if (callSite.to)
</span><span class="cx"> patchBuffer.link(callSite.from, FunctionPtr(callSite.to));
</span></span></pre>
</div>
</div>
</body>
</html>