Incremental bytecode cache should not append function updates when loaded from memory
author tzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 15 Apr 2019 21:55:33 +0000 (21:55 +0000)
committer tzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 15 Apr 2019 21:55:33 +0000 (21:55 +0000)
commit 22997d8058fcfeb4d8add25b701dbe454385552b
tree c56d7bf7947743d9dca49bd92749a7d1a4bb7092
parent dcb28df4af3cbc2d5edc54349343f4e17923d0ab
Incremental bytecode cache should not append function updates when loaded from memory
https://bugs.webkit.org/show_bug.cgi?id=196865

Reviewed by Filip Pizlo.

JSTests:

* stress/bytecode-cache-shared-code-block.js: Added.
(b):
(program):

Source/JavaScriptCore:

Function updates hold the assumption that a function can only be executed/cached
after its containing code block has already been cached. This assumption does
not hold if the UnlinkedCodeBlock is loaded from memory by the CodeCache, since
we might have two independent SourceProviders executing different paths of the
code and causing the same UnlinkedCodeBlock to be modified in memory.
Use a RefPtr instead of Ref for m_cachedBytecode in ShellSourceProvider to distinguish
between a new, empty cache and a cache that was not loaded and therefore cannot be updated.

* jsc.cpp:
(ShellSourceProvider::ShellSourceProvider):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244295 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/bytecode-cache-shared-code-block.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jsc.cpp