Changeset 233697 in webkit
- Timestamp:
- Jul 10, 2018, 1:47:07 PM (7 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
runtime/ObjectInitializationScope.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
TabularUnified trunk/Source/JavaScriptCore/ChangeLog ¶
r233690 r233697 1 2018-07-10 Mark Lam <mark.lam@apple.com> 2 3 [32-bit JSC tests] ASSERTION FAILED: !butterfly->propertyStorage()[-I - 1].get() under JSC::ObjectInitializationScope::verifyPropertiesAreInitialized. 4 https://bugs.webkit.org/show_bug.cgi?id=187362 5 <rdar://problem/42027210> 6 7 Reviewed by Saam Barati. 8 9 On 32-bit targets, a 0 valued JSValue is not the empty JSValue, but it is a valid 10 value to use for initializing unused properties. Updated an assertion to account 11 for this. 12 13 * runtime/ObjectInitializationScope.cpp: 14 (JSC::ObjectInitializationScope::verifyPropertiesAreInitialized): 15 1 16 2018-07-10 Michael Saboff <msaboff@apple.com> 2 17 -
TabularUnified trunk/Source/JavaScriptCore/runtime/ObjectInitializationScope.cpp ¶
r232951 r233697 84 84 } 85 85 86 auto isSafeEmptyValueForGCScanning = [] (JSValue value) { 87 #if USE(JSVALUE64) 88 return !value; 89 #else 90 return !value || !JSValue::encode(value); 91 #endif 92 }; 93 86 94 for (int64_t i = 0; i < static_cast<int64_t>(structure->outOfLineCapacity()); i++) { 87 95 // We rely on properties past the last offset be zero for concurrent GC. 88 96 if (i + firstOutOfLineOffset > structure->lastOffset()) 89 ASSERT( !butterfly->propertyStorage()[-i - 1].get());97 ASSERT(isSafeEmptyValueForGCScanning(butterfly->propertyStorage()[-i - 1].get())); 90 98 else if (isScribbledValue(butterfly->propertyStorage()[-i - 1].get())) { 91 99 dataLogLn("Found scribbled property at i = ", -i - 1);
Note:
See TracChangeset
for help on using the changeset viewer.
