Changeset 230432 in webkit
- Timestamp: Apr 9, 2018 8:46:50 AM (6 years ago)
- Location: releases/WebKitGTK/webkit-2.20/Source/JavaScriptCore
- Files: 2 edited
releases/WebKitGTK/webkit-2.20/Source/JavaScriptCore/ChangeLog
r230423 r230432 1 2018-04-03 Filip Pizlo <fpizlo@apple.com> 2 3 JSArray::appendMemcpy seems to be missing a barrier 4 https://bugs.webkit.org/show_bug.cgi?id=184290 5 6 Reviewed by Mark Lam. 7 8 If you write to an array that may contain pointers and you didn't just allocate it, then you need to 9 barrier right after. 10 11 I don't know if this is really a bug - it's possible that all callers of appendMemcpy do things that 12 obviate the need for this barrier. But these barriers are cheap, so we should do them if in doubt. 13 14 * runtime/JSArray.cpp: 15 (JSC::JSArray::appendMemcpy): 16 1 17 2018-03-31 Filip Pizlo <fpizlo@apple.com> 2 18 -
releases/WebKitGTK/webkit-2.20/Source/JavaScriptCore/runtime/JSArray.cpp
r230422 r230432 555 555 } else if (type == ArrayWithDouble) 556 556 memcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength); 557 else 557 else { 558 558 memcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength); 559 vm.heap.writeBarrier(this); 560 } 559 561 560 562 return true;
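Review bot: The `vm.heap.writeBarrier(this);` added inside the final `else` branch of `JSArray::appendMemcpy` carries no comment explaining why only the contiguous copy needs it, so a later reader cannot tell whether the `ArrayWithDouble` branch was skipped on purpose. Please add a one-line comment at the barrier saying that the contiguous `memcpy` can store cell pointers into an array that was not just allocated, and that the double branch stores no pointers. The branch that precedes `else if (type == ArrayWithDouble)` is not visible in this hunk; it is worth confirming that it also cannot write pointers, since a store the collector never hears about can leave a live object unmarked and freed while still referenced. The changeset touches only ChangeLog and JSArray.cpp, and the ChangeLog entry says it is unclear whether any caller actually hits this, so consider following up with a GC stress test that appends into an old array to pin the behaviour down.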