Changeset 92146 in webkit


Ignore:
Timestamp:
Aug 1, 2011 3:09:24 PM (13 years ago)
Author:
fpizlo@apple.com
Message:

REGRESSION(r92092): Build fails on 64 bit
https://bugs.webkit.org/show_bug.cgi?id=65458

Reviewed by Oliver Hunt.

The build was broken because some compilers were smart enough to see
an array index out of bounds due to the decision fuction for when to
go from precise size classes to imprecise size classes being broken:
it would assume that sizes in the range 97..128 belonged to a precise
size class when in fact they belonged to an imprecise one.

In fact, the code would have run correctly, by way of a fluke, because
though the 4th precise size class (for 97..128) didn't exist, the next
array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
its first entry would have been a size class that is appropriate for
allocations in the range 97..128. However, this relies on specific
ordering of fields in NewSpace, so it's still a bug.

This fixes the bug by ensuring that allocations larger than 96 use
the imprecise size classes.

  • heap/NewSpace.h:

(JSC::NewSpace::sizeClassFor):

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r92093 r92146  
     12011-08-01  Filip Pizlo  <fpizlo@apple.com>
     2
     3        REGRESSION(r92092): Build fails on 64 bit
     4        https://bugs.webkit.org/show_bug.cgi?id=65458
     5
     6        Reviewed by Oliver Hunt.
     7       
     8        The build was broken because some compilers were smart enough to see
     9        an array index out of bounds due to the decision fuction for when to
     10        go from precise size classes to imprecise size classes being broken:
     11        it would assume that sizes in the range 97..128 belonged to a precise
     12        size class when in fact they belonged to an imprecise one.
     13       
     14        In fact, the code would have run correctly, by way of a fluke, because
     15        though the 4th precise size class (for 97..128) didn't exist, the next
     16        array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
     17        its first entry would have been a size class that is appropriate for
     18        allocations in the range 97..128.  However, this relies on specific
     19        ordering of fields in NewSpace, so it's still a bug.
     20       
     21        This fixes the bug by ensuring that allocations larger than 96 use
     22        the imprecise size classes.
     23
     24        * heap/NewSpace.h:
     25        (JSC::NewSpace::sizeClassFor):
     26
    1272011-07-31  Gavin Barraclough  <barraclough@apple.com>
    228
  • trunk/Source/JavaScriptCore/heap/NewSpace.h

    r91039 r92146  
    8282        static const size_t preciseStep = MarkedBlock::atomSize;
    8383        static const size_t preciseCutoff = 128;
     84        static const size_t maximumPreciseAllocationSize = preciseCutoff - preciseStep;
    8485        static const size_t preciseCount = preciseCutoff / preciseStep - 1;
    8586
     
    114115    {
    115116        ASSERT(bytes && bytes < maxCellSize);
    116         if (bytes < preciseCutoff)
     117        if (bytes <= maximumPreciseAllocationSize)
    117118            return m_preciseSizeClasses[(bytes - 1) / preciseStep];
    118119        return m_impreciseSizeClasses[(bytes - 1) / impreciseStep];
Note: See TracChangeset for help on using the changeset viewer.