Fix DeferredSourceDump to capture the caller bytecodeIndex instead of CodeOrigin.
author: mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Sep 2018 20:21:15 +0000 (20:21 +0000)
committer: mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Sep 2018 20:21:15 +0000 (20:21 +0000)
commit: dd409d667b3607893ada0de0af53d2808d01e9c1
tree: a4ce0d4b3f796678975a9870b8f15e3e8e3967c9
parent: 1b70bb1dbcaf47ee97b3130ee6f416ec08cb3b94
Fix DeferredSourceDump to capture the caller bytecodeIndex instead of CodeOrigin.
https://bugs.webkit.org/show_bug.cgi?id=189300
<rdar://problem/39681779>

Reviewed by Saam Barati.

At the time a DeferredSourceDump is instantiated, it captures a CodeOrigin value
which points to an InlineCallFrame in the DFG::Plan's m_inlineCallFrames set.  The
DeferredSourceDump is later used to dump source even if the compilation fails.
This is intentional so that we can use this tool to see what source fails to
compile as well.

The DFG::Plan may have been destructed by then, and since the compilation failed,
the InlineCallFrame is also destructed.  This means DeferredSourceDump::dump()
may end up accessing freed memory.

DeferredSourceDump doesn't really need a CodeOrigin.  All it wants is the caller
bytecodeIndex for the call to an inlined function.  Hence, we can fix this issue
by changing DeferredSourceDump to capture the caller bytecodeIndex instead.

In this patch, we also change DeferredSourceDump's m_codeBlock and m_rootCodeBlock
to be Strong references to ensure that the CodeBlocks are kept alive until they
can be dumped.

* bytecode/DeferredCompilationCallback.cpp:
(JSC::DeferredCompilationCallback::dumpCompiledSourcesIfNeeded):
* bytecode/DeferredSourceDump.cpp:
(JSC::DeferredSourceDump::DeferredSourceDump):
(JSC::DeferredSourceDump::dump):
* bytecode/DeferredSourceDump.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseCodeBlock):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235684 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/DeferredCompilationCallback.cpp
Source/JavaScriptCore/bytecode/DeferredSourceDump.cpp
Source/JavaScriptCore/bytecode/DeferredSourceDump.h
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
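As an added illustration that is not part of the WebKit commit itself, the following C++ model shows the lifetime hazard the change log describes and the shape of the fix: the struct names (Plan, InlineCallFrame, CodeBlock, DeferredSourceDump) are simplified stand-ins for the JSC classes, and std::shared_ptr stands in for JSC's Strong<> references.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-ins for the JSC types named in the change log.
struct CodeBlock {
    std::string name;
};

// Lives inside the Plan and is destroyed together with it.
struct InlineCallFrame {
    unsigned callerBytecodeIndex;
};

// Owns the InlineCallFrames (like DFG::Plan's m_inlineCallFrames).
struct Plan {
    std::vector<std::unique_ptr<InlineCallFrame>> inlineCallFrames;
};

// Pre-fix shape (never instantiated here): a pointer into the Plan that
// dangles once the Plan is destroyed after a failed compilation.
struct UnsafeSourceDump {
    CodeBlock* codeBlock;
    const InlineCallFrame* origin;  // points into Plan: use-after-free risk
};

// Post-fix shape: copy the caller bytecodeIndex by value and hold owning
// references so the CodeBlocks stay alive until dump() runs.
struct DeferredSourceDump {
    std::shared_ptr<CodeBlock> codeBlock;
    std::shared_ptr<CodeBlock> rootCodeBlock;
    unsigned callerBytecodeIndex;

    DeferredSourceDump(std::shared_ptr<CodeBlock> cb, std::shared_ptr<CodeBlock> root,
                       const InlineCallFrame& frame)
        : codeBlock(std::move(cb)), rootCodeBlock(std::move(root)),
          callerBytecodeIndex(frame.callerBytecodeIndex) {}

    std::string dump() const {
        return codeBlock->name + " inlined at bc#" + std::to_string(callerBytecodeIndex)
               + " of " + rootCodeBlock->name;
    }
};

// Records the dump during parsing, then destroys the Plan (as happens when
// compilation fails) before the dump is finally used.
std::string dumpAfterFailedCompile() {
    auto root = std::make_shared<CodeBlock>(CodeBlock{"main"});
    auto callee = std::make_shared<CodeBlock>(CodeBlock{"foo"});
    std::unique_ptr<DeferredSourceDump> deferred;
    {
        Plan plan;
        plan.inlineCallFrames.push_back(std::make_unique<InlineCallFrame>(InlineCallFrame{42}));
        deferred = std::make_unique<DeferredSourceDump>(callee, root, *plan.inlineCallFrames[0]);
        callee.reset(); root.reset();  // only the dump keeps the CodeBlocks alive now
    }  // Plan and its InlineCallFrames are gone here
    return deferred->dump();  // safe: uses a copied index and owning references
}
```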