B3::Value doesn't self-destruct virtually enough (Causes many leaks in LowerDFGToB3...
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 23 Feb 2016 22:17:24 +0000 (22:17 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 23 Feb 2016 22:17:24 +0000 (22:17 +0000)
commit75993ee9fc4341d73887a91c0b5de74045f853b6
tree37129ce67e30598fe2d07b937c12c61d2afe2134
parent5362750e074f0769e71786cfd81927b867ebe8a8
B3::Value doesn't self-destruct virtually enough (Causes many leaks in LowerDFGToB3::appendOSRExit)
https://bugs.webkit.org/show_bug.cgi?id=154592

Reviewed by Saam Barati.

If Foo has a virtual destructor, then:

foo->Foo::~Foo() does a non-virtual call to Foo's destructor. Even if foo points to a
subclass of Foo that overrides the destructor, this syntax will not call that override.

foo->~Foo() does a virtual call to the destructor, and so if foo points to a subclass, you
get the subclass's override.

In B3, we used this->Value::~Value() thinking that it would call the subclass's override.
This caused leaks because this didn't actually call the subclass's override. This fixes the
problem by using this->~Value() instead.

* b3/B3ControlValue.cpp:
(JSC::B3::ControlValue::convertToJump):
(JSC::B3::ControlValue::convertToOops):
* b3/B3Value.cpp:
(JSC::B3::Value::replaceWithIdentity):
(JSC::B3::Value::replaceWithNop):
(JSC::B3::Value::replaceWithPhi):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196996 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/b3/B3ControlValue.cpp
Source/JavaScriptCore/b3/B3Value.cpp