[webkit-reviews] review granted: [Bug 186692] Properly zero unused property storage offsets : [Attachment 342854] Patch
bugzilla-daemon at webkit.org
Fri Jun 15 16:17:55 PDT 2018
Geoffrey Garen <ggaren at apple.com> has granted Keith Miller
<keith_miller at apple.com>'s request for review:
Bug 186692: Properly zero unused property storage offsets
https://bugs.webkit.org/show_bug.cgi?id=186692
Attachment 342854: Patch
https://bugs.webkit.org/attachment.cgi?id=342854&action=review
--- Comment #7 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 342854
--> https://bugs.webkit.org/attachment.cgi?id=342854
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=342854&action=review
Test case please.
r=me with test case and fix for test time regression if needed.
> Source/JavaScriptCore/ChangeLog:12
> + or creating a RegExp matches array we never cleared the unused
array, we never clear
> Source/JavaScriptCore/runtime/ObjectInitializationScope.cpp:94
> + for (int64_t i = 0; i <
static_cast<int64_t>(structure->outOfLineCapacity()); i++) {
> + // We rely on properties past the last offset be zero for concurrent
GC.
> + if (i + firstOutOfLineOffset > structure->lastOffset())
> + ASSERT(!butterfly->propertyStorage()[-i - 1].get());
> + else if (isScribbledValue(butterfly->propertyStorage()[-i -
1].get())) {
> + dataLogLn("Found scribbled property at i = ", -i - 1);
> + ASSERT_NOT_REACHED();
> + }
> + }
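Review bot: In the `i + firstOutOfLineOffset > structure->lastOffset()` branch, the bare `ASSERT(!butterfly->propertyStorage()[-i - 1].get())` fails without reporting which unused slot was non-zero, whereas the scribbled-value branch logs before asserting. This is the check that guards the zeroed-tail invariant the concurrent GC relies on, so log the slot index and the value found there before asserting as well. In the existing `dataLogLn`, the label reads "i = " but the value printed is `-i - 1`; either print `i` or relabel it as the storage index. The code comment should read "to be zero".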
If this increases debug test time too much, you need to find a way to do this
assertion conditionally.