CodeBlock crashes when dumping op_push_name_scope
authorbenjamin@webkit.org <benjamin@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 25 Feb 2015 22:32:58 +0000 (22:32 +0000)
committerbenjamin@webkit.org <benjamin@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 25 Feb 2015 22:32:58 +0000 (22:32 +0000)
https://bugs.webkit.org/show_bug.cgi?id=141953

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-02-25
PerformanceTests/SunSpider:

Reviewed by Filip Pizlo.

* profiler-test.yaml:

Source/JavaScriptCore:

Reviewed by Filip Pizlo and Csaba Osztrogonác.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* tests/stress/op-push-name-scope-crashes-profiler.js: Added.

Tools:

Reviewed by Filip Pizlo.

* Scripts/run-jsc-stress-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@180639 268f45cc-cd09-0410-ab3c-d52691b4dbfc

PerformanceTests/SunSpider/ChangeLog
PerformanceTests/SunSpider/profiler-test.yaml
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/tests/stress/op-push-name-scope-crashes-profiler.js [new file with mode: 0644]
Tools/ChangeLog
Tools/Scripts/run-jsc-stress-tests

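--- a/PerformanceTests/SunSpider/ChangeLog
+++ b/PerformanceTests/SunSpider/ChangeLog
@@ -1,3 +1,12 @@
+2015-02-25  Benjamin Poulain  <bpoulain@apple.com>
+
+        CodeBlock crashes when dumping op_push_name_scope
+        https://bugs.webkit.org/show_bug.cgi?id=141953
+
+        Reviewed by Filip Pizlo.
+
+        * profiler-test.yaml:
+
 2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>
 
         [Win] JSC profiler tests asserts in debug mode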
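--- a/PerformanceTests/SunSpider/profiler-test.yaml
+++ b/PerformanceTests/SunSpider/profiler-test.yaml
@@ -25,9 +25,4 @@
 # with the runProfiler command.
 
 - path: tests/sunspider-1.0
-  cmd: |
-      if ($architecture !~ /x86/i and $hostOS == "darwin") or ($hostOS == "windows")
-          skip
-      else
-          runProfiler
-      end
+  cmd: runProfiler
\ No newline at end of file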
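--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,14 @@
+2015-02-25  Benjamin Poulain  <bpoulain@apple.com>
+
+        CodeBlock crashes when dumping op_push_name_scope
+        https://bugs.webkit.org/show_bug.cgi?id=141953
+
+        Reviewed by Filip Pizlo and Csaba Osztrogonác.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpBytecode):
+        * tests/stress/op-push-name-scope-crashes-profiler.js: Added.
+
 2015-02-25  Benjamin Poulain  <benjamin@webkit.org>
 
         Make ParserError immutable by design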
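--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -1445,12 +1445,11 @@ void CodeBlock::dumpBytecode(
         }
         case op_push_name_scope: {
             int dst = (++it)->u.operand;
-            int id0 = (++it)->u.operand;
             int r1 = (++it)->u.operand;
-            unsigned attributes = (++it)->u.operand;
+            int k0 = (++it)->u.operand;
             JSNameScope::Type scopeType = (JSNameScope::Type)(++it)->u.operand;
             printLocationAndOp(out, exec, location, it, "push_name_scope");
-            out.printf("%s, %s, %s, %u %s", registerName(dst).data(), idName(id0, identifier(id0)).data(), registerName(r1).data(), attributes, (scopeType == JSNameScope::FunctionNameScope) ? "functionScope" : ((scopeType == JSNameScope::CatchScope) ? "catchScope" : "unknownScopeType"));
+            out.printf("%s, %s, %s, %s", registerName(dst).data(), registerName(r1).data(), constantName(k0, getConstant(k0)).data(), (scopeType == JSNameScope::FunctionNameScope) ? "functionScope" : ((scopeType == JSNameScope::CatchScope) ? "catchScope" : "unknownScopeType"));
             break;
         }
         case op_catch: {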
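Review bot: The new operand decode (`dst`, `r1`, `k0`, `scopeType`) is hand-mirrored from the bytecode emitter, and a drift between the two is apparently what produced the crash this commit fixes; a comment pinning the layout at the top of the case would make the next opcode change easier to keep in sync, e.g. `// Operand order must match the emitter for op_push_name_scope: dst, scope register, constant index, scope type.` The `unknownScopeType` fallback in the ternary keeps the dumper from failing on an unexpected scope value, but it also means a future layout mismatch would surface as misleading output rather than an error, which is one more reason to document the layout where it is decoded. dumpBytecode begins and ends outside the hunk.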
diff --git a/Source/JavaScriptCore/tests/stress/op-push-name-scope-crashes-profiler.js b/Source/JavaScriptCore/tests/stress/op-push-name-scope-crashes-profiler.js
new file mode 100644 (file)
index 0000000..42784f1
--- /dev/null
@@ -0,0 +1,17 @@
+//@ runProfiler
+function test() {
+    (function functionName() {
+        ++counter;
+        if (!arguments[0])
+            return;
+        eval("functionName(arguments[0] - 1, functionName, '' + functionName);");
+     })(arguments[0]);
+}
+
+for (var i = 0; i < 10000; ++i) {
+    counter = 0;
+    test(100);
+    if (counter !== 101) {
+        throw "Oops, test(100) = " + test(100) + ", expected 101.";
+    }
+}
\ No newline at end of file
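Review bot: The message on the `throw` line reports `test(100)`, whose return value is `undefined` because `test` returns nothing, and the extra call also runs the test again and increments `counter` further before the message is built; the diagnostic should report the value that was actually checked, `throw "Oops, counter = " + counter + ", expected 101.";`. `counter` is assigned without a declaration and so becomes an implicit global; a top-level `var counter;` would make that intent explicit. The `})(arguments[0]);` line is indented five spaces where the surrounding body uses four.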
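--- a/Tools/ChangeLog
+++ b/Tools/ChangeLog
@@ -1,3 +1,12 @@
+2015-02-25  Benjamin Poulain  <bpoulain@apple.com>
+
+        CodeBlock crashes when dumping op_push_name_scope
+        https://bugs.webkit.org/show_bug.cgi?id=141953
+
+        Reviewed by Filip Pizlo.
+
+        * Scripts/run-jsc-stress-tests:
+
 2015-02-25  Youenn Fablet  <youenn.fablet@crf.canon.fr>
 
         W3C test importer should use argparse instead of optparse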
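--- a/Tools/Scripts/run-jsc-stress-tests
+++ b/Tools/Scripts/run-jsc-stress-tests
@@ -725,7 +725,7 @@ def defaultNoEagerRun
 end
 
 def runProfiler
-    if $remote
+    if $remote or ($architecture !~ /x86/i and $hostOS == "darwin") or ($hostOS == "windows")
         skip
         return
     end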
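Review bot: The widened skip condition in runProfiler gives no reason for excluding non-x86 Darwin and Windows; the Windows case is traceable to the `[Win] JSC profiler tests asserts in debug mode` ChangeLog entry visible elsewhere in this commit, but the non-x86 Darwin case is recorded nowhere, so a comment such as `# The profiler is not run on non-x86 Darwin or on Windows; see bug 141953.` above the `if` would help. Because the condition moved from profiler-test.yaml into the shared `runProfiler` helper, every YAML that uses runProfiler is now skipped on those platforms rather than only sunspider-1.0; if that broadening is intended, the comment should say so. runProfiler's body continues past the end of the hunk.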