Need to check ObjectPropertyCondition liveness before accessing it when firing watchp...
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 16 Mar 2019 04:44:57 +0000 (04:44 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 16 Mar 2019 04:44:57 +0000 (04:44 +0000)
commit94d060645dd6d7ab43fd08c0e5d276c464eeabc3
tree986652dfe198023a73848b2c7f8ed131e7a1a877
parent7b49435fbbda7ffdf4fe869cd7a48c26341cdf36
Need to check ObjectPropertyCondition liveness before accessing it when firing watchpoints.
https://bugs.webkit.org/show_bug.cgi?id=195827
<rdar://problem/48845513>

Reviewed by Filip Pizlo.

JSTests:

* stress/check-object-property-condition-liveness-before-accessing-it-when-watchpoints-fire.js: Added.

Source/JavaScriptCore:

m_object in ObjectPropertyCondition may no longer be live by the time the watchpoint fires.

* bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:
(JSC::AdaptiveInferredPropertyValueWatchpointBase::fire):
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
* bytecode/ObjectPropertyCondition.cpp:
(JSC::ObjectPropertyCondition::dumpInContext const):
* bytecode/StructureStubClearingWatchpoint.cpp:
(JSC::StructureStubClearingWatchpoint::fireInternal):
* dfg/DFGAdaptiveStructureWatchpoint.cpp:
(JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
* runtime/StructureRareData.cpp:
(JSC::ObjectToStringAdaptiveStructureWatchpoint::fireInternal):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243032 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/check-object-property-condition-liveness-before-accessing-it-when-watchpoints-fire.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp
Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp
Source/JavaScriptCore/bytecode/ObjectPropertyCondition.cpp
Source/JavaScriptCore/bytecode/StructureStubClearingWatchpoint.cpp
Source/JavaScriptCore/dfg/DFGAdaptiveStructureWatchpoint.cpp
Source/JavaScriptCore/runtime/StructureRareData.cpp