[Webkit-unassigned] [Bug 79191] [JSC] The end atom of the marked block should be considered to decide if the cell is live
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 7 16:34:29 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=79191
--- Comment #14 from hojong.han at samsung.com 2012-03-07 16:34:29 PST ---
(In reply to comment #12)
> (From update of attachment 128150 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=128150&action=review
>
> > Source/JavaScriptCore/heap/MarkedBlock.h:324
> > + if (atomNumber > m_endAtom) { // Filters pointers into invalid cells out of the range.
>
> You need to check ">=", not ">". See the definition of m_endAtom:
>
> size_t m_endAtom; // This is a fuzzy end. Always test for < m_endAtom.
>
> > Source/JavaScriptCore/heap/MarkedBlock.h:325
> > + ASSERT_NOT_REACHED();
>
> Your data say this condition is possible and not an error, so please remove this ASSERT.
I applied your review to the patch. Thank you very much.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list