diff --git a/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp b/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
index 945eb4535bfd..1e19f48e7558 100644
--- a/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
+++ b/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
@@ -171,9 +171,18 @@ void PolymorphicCallStubRoutine::clearCallNodesFor(CallLinkInfo*)
 bool PolymorphicCallStubRoutine::visitWeakImpl(VM& vm)
 {
     bool isStillLive = true;
-    forEachDependentCell([&](JSCell* cell) {
-        isStillLive &= vm.heap.isMarked(cell);
-    });
+    for (unsigned i = 0, size = std::size(trailingSpan()) - 1; i < size; ++i) {
+        auto& slot = trailingSpan()[i];
+        if (!slot.m_calleeOrExecutable) {
+            isStillLive = false;
+            continue;
+        }
+        if (!vm.heap.isMarked(slot.m_calleeOrExecutable)) {
+            slot = CallSlot();
+            isStillLive = false;
+            continue;
+        }
+    }
     return isStillLive;
 }
 
diff --git a/Source/JavaScriptCore/runtime/ScriptExecutable.cpp b/Source/JavaScriptCore/runtime/ScriptExecutable.cpp
index e51a5934a0d1..1d8604cf16c9 100644
--- a/Source/JavaScriptCore/runtime/ScriptExecutable.cpp
+++ b/Source/JavaScriptCore/runtime/ScriptExecutable.cpp
@@ -120,8 +120,19 @@ void ScriptExecutable::installCode(CodeBlock* codeBlock)
 
 void ScriptExecutable::installCode(VM& vm, CodeBlock* genericCodeBlock, CodeType codeType, CodeSpecializationKind kind, Profiler::JettisonReason reason)
 {
-    if (genericCodeBlock)
+    if (genericCodeBlock) {
         CODEBLOCK_LOG_EVENT(genericCodeBlock, "installCode", ());
+        switch (reason) {
+        case Profiler::JettisonReason::JettisonDueToWeakReference:
+        case Profiler::JettisonReason::JettisonDueToOldAge: {
+            if (genericCodeBlock && !vm.heap.isMarked(genericCodeBlock))
+                genericCodeBlock = nullptr;
+            break;
+        }
+        default:
+            break;
+        }
+    }
 
     CodeBlock* oldCodeBlock = nullptr;
 
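Review bot: The loop bound `std::size(trailingSpan()) - 1` in visitWeakImpl wraps to a huge value if `trailingSpan()` is ever empty, and the size_t result is also narrowed into `unsigned`; because the loop overwrites slots in place (`slot = CallSlot()`), an out-of-range iteration here would be a heap write rather than just a bad read. If the layout guarantees a trailing sentinel slot that the loop deliberately skips, make that explicit before the loop, e.g. `ASSERT(!trailingSpan().empty());`, and use `size_t` for the bound. A one-line comment on why the last slot is excluded and why an empty `m_calleeOrExecutable` counts as not live would also help, since the replaced `forEachDependentCell` version did not encode either decision; if that helper visited cells other than `m_calleeOrExecutable`, those are no longer checked by this loop. The trailing `continue;` in the second branch is redundant and can be dropped.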
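Review bot: The inner `genericCodeBlock &&` on the `isMarked` line is now redundant, since the switch sits inside `if (genericCodeBlock) {`; simplify it to `if (!vm.heap.isMarked(genericCodeBlock))`. Dropping a dead block before it is wired in appears to be the safety property this move buys (the old placement, removed in the next hunk, ran after installation and only nulled the local for the later unlink call), so a comment such as `// A block jettisoned for weak-reference/old-age reasons may be unmarked; never install one, it would dangle once the GC sweeps it.` would keep the next maintainer from moving it back. Note that `CODEBLOCK_LOG_EVENT` still records "installCode" for a block that is then discarded; if profiling consumers care, log after the null check. The rest of installCode, including what is done with `oldCodeBlock`, continues outside this hunk.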
@@ -198,17 +209,6 @@ void ScriptExecutable::installCode(VM& vm, CodeBlock* genericCodeBlock, CodeType
         debugger->registerCodeBlock(genericCodeBlock);
     }
 
-    switch (reason) {
-    case Profiler::JettisonReason::JettisonDueToWeakReference:
-    case Profiler::JettisonReason::JettisonDueToOldAge: {
-        if (genericCodeBlock && !vm.heap.isMarked(genericCodeBlock))
-            genericCodeBlock = nullptr;
-        break;
-    }
-    default:
-        break;
-    }
-
     if (oldCodeBlock)
         oldCodeBlock->unlinkOrUpgradeIncomingCalls(vm, genericCodeBlock);
 
diff --git a/Source/JavaScriptCore/runtime/ScriptExecutableInlines.h b/Source/JavaScriptCore/runtime/ScriptExecutableInlines.h
index bbb72680ca19..500c236a71de 100644
--- a/Source/JavaScriptCore/runtime/ScriptExecutableInlines.h
+++ b/Source/JavaScriptCore/runtime/ScriptExecutableInlines.h
@@ -32,17 +32,23 @@ namespace JSC {
 
 inline void ScriptExecutable::finalizeCodeBlockEdge(VM& vm, WriteBarrier& codeBlockEdge)
 {
-    auto* codeBlock = codeBlockEdge.get();
-    if (!codeBlock)
-        return;
+    for (;;) {
+        auto* codeBlock = codeBlockEdge.get();
+        if (!codeBlock)
+            return;
+
+        if (vm.heap.isMarked(codeBlock))
+            return;
 
-    if (!vm.heap.isMarked(codeBlock)) {
         if (codeBlock->shouldJettisonDueToWeakReference(vm))
             codeBlock->jettison(Profiler::JettisonDueToWeakReference);
         else
             codeBlock->jettison(Profiler::JettisonDueToOldAge);
-        if (codeBlock == codeBlockEdge.get())
+
+        if (codeBlock == codeBlockEdge.get()) {
             codeBlockEdge.clear();
+            return;
+        }
     }
 }
 
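Review bot: The new `for (;;)` in finalizeCodeBlockEdge has no progress guarantee visible in this function: it only exits when `jettison()` leaves `codeBlockEdge` null, marked, or still pointing at the same block (which is then cleared), so if jettisoning kept installing a different unmarked block the finalizer would spin. Presumably this relies on installCode now refusing to install an unmarked block for the weak-reference/old-age reasons, but that contract lives in another file and is easy to break independently; state it here, e.g. `// jettison() may install a replacement CodeBlock into codeBlockEdge; loop until the edge is null, marked, or cleared. Relies on installCode() dropping unmarked blocks for these reasons.` and consider a debug-only iteration cap with an ASSERT so a regression surfaces as an assertion rather than a hang during GC. The enclosing namespace continues outside the hunk.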