[MERGE chakra-core#4965 @sethbrenith] Check that PropertyValueInfo refers to correct PolymorphicInlineCache when resizing

sethbrenith · sethbrenith · commit 11bc04643a49 · 2018-04-17T14:41:51.000-07:00
Merge pull request chakra-core#4965 from sethbrenith:user/sethb/check-polymorphic-cache A previous bug (which is already fixed) could lead to a case where we attempted to resize the wrong PolymorphicInlineCache instance. These new assertions make our assumptions more clear, and would have caught the problem upon first resize rather than only after the cache size passed its maximum. Fixes OS:16712443
diff --git a/lib/Runtime/Language/CacheOperators.inl b/lib/Runtime/Language/CacheOperators.inl
@@ -447,6 +447,7 @@ namespace Js
                 {
                     if (info->GetFunctionBody())
                     {
+                        Assert(polymorphicInlineCache == info->GetFunctionBody()->GetPolymorphicInlineCache(info->GetInlineCacheIndex()));
                         polymorphicInlineCache =
                             info->GetFunctionBody()->CreateBiggerPolymorphicInlineCache(
                                 info->GetInlineCacheIndex(),
@@ -455,6 +456,7 @@ namespace Js
                     else
                     {
                         Assert(!info->GetFunctionBody());
+                        Assert(polymorphicInlineCache == (IsRead ? info->GetPropertyRecordUsageCache()->GetLdElemInlineCache() : info->GetPropertyRecordUsageCache()->GetStElemInlineCache()));
                         polymorphicInlineCache = info->GetPropertyRecordUsageCache()->CreateBiggerPolymorphicInlineCache(IsRead);
                     }
                 }

Original file line number	Diff line number	Diff line change
`@@ -447,6 +447,7 @@ namespace Js`
`447`	`447`	`{`
`448`	`448`	`if (info->GetFunctionBody())`
`449`	`449`	`{`
	`450`	`+ Assert(polymorphicInlineCache == info->GetFunctionBody()->GetPolymorphicInlineCache(info->GetInlineCacheIndex()));`
`450`	`451`	`polymorphicInlineCache =`
`451`	`452`	`info->GetFunctionBody()->CreateBiggerPolymorphicInlineCache(`
`452`	`453`	`info->GetInlineCacheIndex(),`
`@@ -455,6 +456,7 @@ namespace Js`
`455`	`456`	`else`
`456`	`457`	`{`
`457`	`458`	`Assert(!info->GetFunctionBody());`
	`459`	`+ Assert(polymorphicInlineCache == (IsRead ? info->GetPropertyRecordUsageCache()->GetLdElemInlineCache() : info->GetPropertyRecordUsageCache()->GetStElemInlineCache()));`
`458`	`460`	`polymorphicInlineCache = info->GetPropertyRecordUsageCache()->CreateBiggerPolymorphicInlineCache(IsRead);`
`459`	`461`	`}`
`460`	`462`	`}`