JIT snippet generator JumpLists should be returned as references.
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Nov 2015 18:00:18 +0000 (18:00 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Nov 2015 18:00:18 +0000 (18:00 +0000)
commit 264e15c7de9e7959ffababf6b4219c4d153473a4
tree e329facbec7d0a9c8811eedc74eb37ea32cd8beb
parent d721610580307027fa47f0c4e4e891d9b838caa2
JIT snippet generator JumpLists should be returned as references.
https://bugs.webkit.org/show_bug.cgi?id=151445

Reviewed by Gavin Barraclough.

The JumpLists were being returned by value.  As a result, new jumps added to
them in the client are actually added to a temporary copy and promptly discarded.
Those jumps never get linked, resulting in infinite loops in DFG generated code
that used the snippets.

* jit/JITAddGenerator.h:
(JSC::JITAddGenerator::endJumpList):
(JSC::JITAddGenerator::slowPathJumpList):
* jit/JITMulGenerator.h:
(JSC::JITMulGenerator::endJumpList):
(JSC::JITMulGenerator::slowPathJumpList):
* jit/JITSubGenerator.h:
(JSC::JITSubGenerator::endJumpList):
(JSC::JITSubGenerator::slowPathJumpList):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@192632 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/JITAddGenerator.h
Source/JavaScriptCore/jit/JITMulGenerator.h
Source/JavaScriptCore/jit/JITSubGenerator.h
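
The failure mode described in the commit message, shown as an added C++ example that is not code from WebKit. `CodeBuffer`, `JumpList`, `SnippetGenerator` and `endJumpListByValue` are simplified, hypothetical stand-ins; only the getter name `endJumpList` is taken from the ChangeLog.

```cpp
#include <cstddef>
#include <vector>

// Simplified stand-ins for illustration; not JavaScriptCore's real classes.
struct CodeBuffer {
    std::vector<int> jumpTargets;          // -1 means "emitted but not yet linked"
    size_t emitJump() { jumpTargets.push_back(-1); return jumpTargets.size() - 1; }
    size_t unlinkedCount() const {
        size_t n = 0;
        for (int t : jumpTargets) if (t < 0) ++n;
        return n;
    }
};

struct JumpList {
    std::vector<size_t> jumps;             // indices of jumps awaiting a target
    void append(size_t jump) { jumps.push_back(jump); }
    void link(CodeBuffer& code, int target) const {
        for (size_t j : jumps) code.jumpTargets[j] = target;
    }
};

class SnippetGenerator {
public:
    JumpList endJumpListByValue() { return m_endJumpList; }   // before: returns a copy
    JumpList& endJumpList() { return m_endJumpList; }         // after: returns the member
    void linkEnd(CodeBuffer& code, int target) { m_endJumpList.link(code, target); }
private:
    JumpList m_endJumpList;
};

// Client emits one extra jump, registers it through the getter, then links.
// Returns how many emitted jumps are still unlinked afterwards.
size_t unlinkedAfterClientAppend(bool returnByReference) {
    CodeBuffer code;
    SnippetGenerator gen;
    gen.endJumpList().append(code.emitJump());        // jump recorded by the generator
    size_t clientJump = code.emitJump();
    if (returnByReference)
        gen.endJumpList().append(clientJump);         // stored in the generator's list
    else
        gen.endJumpListByValue().append(clientJump);  // stored in a temporary, then discarded
    gen.linkEnd(code, 100);                           // 100 is a constructed target offset
    return code.unlinkedCount();
}

int main() {
    return unlinkedAfterClientAppend(true) == 0 && unlinkedAfterClientAppend(false) == 1 ? 0 : 1;
}
```

The by-value call compiles without a diagnostic because calling a non-const member function on a temporary is legal C++, which is why the lost jump only shows up at run time.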