[webkit-reviews] review granted: [Bug 203211] Fix issues when setting public length on ArrayWithContiguous type butterflies. : [Attachment 381468] proposed patch.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 21 16:28:33 PDT 2019
Keith Miller <keith_miller at apple.com> has granted Mark Lam
<mark.lam at apple.com>'s request for review:
Bug 203211: Fix issues when setting public length on ArrayWithContiguous type
butterflies.
https://bugs.webkit.org/show_bug.cgi?id=203211
Attachment 381468: proposed patch.
https://bugs.webkit.org/attachment.cgi?id=381468&action=review
--- Comment #5 from Keith Miller <keith_miller at apple.com> ---
Comment on attachment 381468
--> https://bugs.webkit.org/attachment.cgi?id=381468
proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=381468&action=review
r=me with comment on an existing but (I think)
> Source/JavaScriptCore/runtime/JSArray.cpp:946
> // Our memmoving of values around in the array could have concealed
some of them from
> // the collector. Let's make sure that the collector scans this
object again.
Doesn't memmove not guarantee anything about tearing while copying? That seems
like a different bug though.
More information about the webkit-reviews
mailing list