[webkit-reviews] review granted: [Bug 189940] Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock : [Attachment 350726] patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 25 12:48:39 PDT 2018


Mark Lam <mark.lam at apple.com> has granted Saam Barati <sbarati at apple.com>'s
request for review:
Bug 189940: Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in
operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=189940

Attachment 350726: patch

https://bugs.webkit.org/attachment.cgi?id=350726&action=review




--- Comment #4 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 350726
  --> https://bugs.webkit.org/attachment.cgi?id=350726
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=350726&action=review

r=me

> Source/JavaScriptCore/ChangeLog:14
> +	   We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
> +	   CodeBlock. There is nothing semantically wrong with doing that (except for
> +	   poor naming), however, the poor naming here led us to make a real semantic
> +	   mistake. We wanted the baseline CodeBlock's constant pool, but we were
> +	   accessing the FTL CodeBlock's constant pool accidentally. We need to
> +	   access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
> +	   constant value.

In baselineCodeBlockForOriginAndBaselineCodeBlock(), can we
ASSERT(JITCode::isBaselineCode(baselineCodeBlock->jitType()))?  That will help
catch this error sooner in the future.
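As an added C++ illustration (not JavaScriptCore code, and not from the patch or
the reviewer), the toy model below shows why a parameter typed CodeBlock* cannot by
itself tell the baseline block from the FTL block, how reading the same constant
index through the wrong block returns an unrelated value, and how a jitType
assertion of the kind suggested above catches the misuse at the call. Every name
here (JITType, CodeBlock, baselineCodeBlockForBaselineCodeBlock,
isValidBaselineCodeBlockArgument, the sample constant pools) is a stand-in;
isBaselineCode is modeled on the spirit of JSC's JITCode::isBaselineCode but is
not taken from it.

```cpp
// Added illustration, not JavaScriptCore code: a toy model of why passing the
// wrong CodeBlock to a "baseline" helper silently reads the wrong constant pool,
// and how a jitType assertion catches the misuse early.
#include <cassert>
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical stand-ins for JSC's JITType and CodeBlock.
enum class JITType { InterpreterThunk, BaselineJIT, DFGJIT, FTLJIT };

struct CodeBlock {
    JITType jitType;
    // Each tier owns its own constant pool; an index is only meaningful
    // relative to the pool it was assigned from.
    std::vector<std::string> constantPool;
};

// Modeled on JITCode::isBaselineCode: interpreter or baseline JIT count as baseline.
bool isBaselineCode(JITType t) {
    return t == JITType::InterpreterThunk || t == JITType::BaselineJIT;
}

// The contract check the review asks for, factored out so callers and tests
// can evaluate it without aborting.
bool isValidBaselineCodeBlockArgument(const CodeBlock* baselineCodeBlock) {
    return baselineCodeBlock != nullptr && isBaselineCode(baselineCodeBlock->jitType);
}

// Toy "...ForBaselineCodeBlock"-style helper: the parameter type CodeBlock*
// cannot express which tier's block is expected, so the function asserts on it.
const CodeBlock* baselineCodeBlockForBaselineCodeBlock(const CodeBlock* baselineCodeBlock) {
    assert(isValidBaselineCodeBlockArgument(baselineCodeBlock));
    return baselineCodeBlock;  // a real helper would also consult the inlining origin
}

// Read a NewArrayBuffer-style constant through the checked helper.
std::string baselineConstant(const CodeBlock* baselineCodeBlock, size_t index) {
    const CodeBlock* cb = baselineCodeBlockForBaselineCodeBlock(baselineCodeBlock);
    return cb->constantPool.at(index);
}

// Constructed sample pools: index 1 means different things in each tier.
CodeBlock makeBaselineBlock() {
    return {JITType::BaselineJIT, {"undefined", "newArrayBuffer#0", "newArrayBuffer#1"}};
}
CodeBlock makeFTLBlock() {
    return {JITType::FTLJIT, {"undefined", "ftlConstant#0"}};
}

// Correct path: look up a constant via the baseline block.
std::string lookupFromBaseline(size_t index) {
    CodeBlock baseline = makeBaselineBlock();
    return baselineConstant(&baseline, index);
}

// The misuse the ChangeLog describes: the FTL block fails the contract check,
// so the assertion in the helper would fire instead of silently proceeding.
bool ftlBlockIsRejected() {
    CodeBlock ftl = makeFTLBlock();
    return !isValidBaselineCodeBlockArgument(&ftl);
}

// Shape of the original bug: reading the same index directly from each pool
// (bypassing the checked helper) yields different constants.
bool wrongBlockReadsWrongConstant() {
    CodeBlock baseline = makeBaselineBlock();
    CodeBlock ftl = makeFTLBlock();
    return baseline.constantPool.at(1) != ftl.constantPool.at(1);
}

int main() {
    assert(lookupFromBaseline(1) == "newArrayBuffer#0");
    assert(ftlBlockIsRejected());
    assert(wrongBlockReadsWrongConstant());
    return 0;
}
```

The factored-out check is what makes the assertion testable: the helper still
aborts on a non-baseline block, while the predicate itself can be exercised
without taking the process down.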

