Changeset 254491 in webkit
- Timestamp: Jan 13, 2020 9:24:58 PM (4 years ago)
- Location: trunk
- Files: 1 added, 4 edited
trunk/JSTests/ChangeLog
r254480 r254491 1 2020-01-13 Keith Miller <keith_miller@apple.com> 2 3 scanSideState scans too much side state 4 https://bugs.webkit.org/show_bug.cgi?id=206166 5 6 Reviewed by Tadeu Zagallo. 7 8 * stress/checkpoint-side-state-gc-tmps-overflow.js: Added. 9 (v8): 10 1 11 2020-01-13 Saam Barati <sbarati@apple.com> 2 12 -
trunk/Source/JavaScriptCore/ChangeLog
r254480 r254491 1 2020-01-13 Keith Miller <keith_miller@apple.com> 2 3 scanSideState scans too much side state 4 https://bugs.webkit.org/show_bug.cgi?id=206166 5 6 Reviewed by Tadeu Zagallo. 7 8 The old code would would scan tmps + sizeof(tmps) but sizeof(tmps) 9 is not the length of the array. instead we should scan tmps + 10 maxNumCheckpointTmps. 11 12 * interpreter/CheckpointOSRExitSideState.h: 13 * runtime/VM.cpp: 14 (JSC::VM::scanSideState const): 15 1 16 2020-01-13 Saam Barati <sbarati@apple.com> 2 17 -
trunk/Source/JavaScriptCore/interpreter/CheckpointOSRExitSideState.h
r254166 r254491 36 36 37 37 BytecodeIndex bytecodeIndex; 38 JSValue tmps[maxNumCheckpointTmps] ;38 JSValue tmps[maxNumCheckpointTmps] { }; 39 39 }; 40 40 -
trunk/Source/JavaScriptCore/runtime/VM.cpp
r254464 r254491 1067 1067 void VM::scanSideState(ConservativeRoots& roots) const 1068 1068 { 1069 for (const auto& iter : m_checkpointSideState) 1070 roots.add(iter.value->tmps, iter.value->tmps + sizeof(iter.value->tmps)); 1069 ASSERT(heap.mutatorState() != MutatorState::Running); 1070 for (const auto& iter : m_checkpointSideState) { 1071 static_assert(sizeof(iter.value->tmps) / sizeof(JSValue) == maxNumCheckpointTmps); 1072 roots.add(iter.value->tmps, iter.value->tmps + maxNumCheckpointTmps); 1073 } 1071 1074 } 1072 1075 #endif
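Review bot: In CheckpointOSRExitSideState.h the new `{ }` initializer on `tmps` carries no comment, and the ChangeLog line for this file is empty. Since scanSideState passes all maxNumCheckpointTmps slots to roots.add, the initializer presumably exists so that unused slots are not read uninitialized by the conservative scan; a one-line comment saying so at the declaration, plus a sentence in the ChangeLog, would keep a later cleanup from dropping it.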
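Review bot: In VM::scanSideState the static_assert sits inside the loop body and re-derives the element count from `sizeof(iter.value->tmps) / sizeof(JSValue)`, which is true by construction of the declaration `JSValue tmps[maxNumCheckpointTmps]`. Consider writing the end pointer as `std::end(iter.value->tmps)` so the bound comes from the array type itself, or moving the assertion next to the declaration in the header. The removed line added a byte count to a `JSValue*`, so the end pointer landed sizeof(JSValue) times too far past the array; a short comment that roots.add takes element pointers, not a byte length, would help the next reader avoid the same mistake. The new ASSERT on heap.mutatorState() is also not mentioned in the ChangeLog.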