[Webkit-unassigned] [Bug 101940] StructureStubInfo should NOT be movable

bugzilla-daemon at webkit.org
Mon Nov 12 15:21:16 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=101940


Filip Pizlo <fpizlo at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #4 from Filip Pizlo <fpizlo at apple.com>  2012-11-12 15:23:00 PST ---
(In reply to comment #3)
> (In reply to comment #2)
> > (From update of attachment 173691)
> > Wouldn't it be easier to just use a SegmentedVector?
> 
> Yeah. I just saw m_llintCallLinkInfos is a SegmentedVector. But probably I would have to leave StructureStubInfo copyable, otherwise it won't build. I'm trying to go through similar issues, and I noticed that this one is probably unsafe, too:
> 
> Vector<GlobalResolveInfo> m_globalResolveInfos;
> 
> It seems a GlobalResolveInfo's address can be hard-coded in a JIT executable. This might explain an occasional crash I saw where a JIT executable read garbage from a hard-coded address. Will post another patch after going through these Vectors.

Actually, that reminds me.  This is all safe because we only grab the addresses of StructureStubInfo's and GlobalResolveInfo's (and all of those others) after we're done appending (and resizing) the relevant vectors.

So, unless you can find an example where we append after emitting code (and creating watchpoints, and doing other things that grab pointers to those vector elements), I'm going to close as Resolved/Invalid.

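The invariant discussed in comment #4, as an added C++ example (not WebKit code and not posted in the thread): an element address taken from a contiguous vector goes stale if the vector later grows, a segmented container keeps it stable, and a guard can flag any append made after an address has escaped. `StubInfo`, `GuardedVector` and `SegmentedStore` are hypothetical stand-ins, not the WTF classes.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

struct StubInfo { int id; };  // hypothetical record whose address gets baked into generated code

// Contiguous storage with a guard: once an element address has escaped, appends are refused.
struct GuardedVector {
    std::vector<StubInfo> items;
    bool addressTaken = false;
    bool append(StubInfo s) { if (addressTaken) return false; items.push_back(s); return true; }
    StubInfo* addressOf(std::size_t i) { addressTaken = true; return &items[i]; }
};

// Illustrative segmented storage: separately allocated chunks, so growth never moves an element.
struct SegmentedStore {
    static constexpr std::size_t kSegment = 8;
    std::vector<std::unique_ptr<StubInfo[]>> chunks;
    std::size_t size = 0;
    StubInfo& at(std::size_t i) { return chunks[i / kSegment][i % kSegment]; }
    StubInfo& append(StubInfo s) {
        if (size % kSegment == 0) chunks.emplace_back(new StubInfo[kSegment]());
        return at(size++) = s;
    }
};

// Is element 0 still at the same address after the vector is forced to reallocate?
bool contiguousAddressSurvivesGrowth() {
    std::vector<StubInfo> v(1, StubInfo{0});
    auto before = reinterpret_cast<std::uintptr_t>(v.data());
    std::size_t cap = v.capacity();
    while (v.size() <= cap) v.push_back(StubInfo{1});  // exceed capacity: reallocation
    return before == reinterpret_cast<std::uintptr_t>(v.data());
}

bool segmentedAddressSurvivesGrowth() {
    SegmentedStore s;
    StubInfo* p = &s.append(StubInfo{0});
    for (int i = 1; i < 100; ++i) s.append(StubInfo{i});
    return p == &s.at(0) && p->id == 0;
}

// Appending is finished, then an address escapes ("code is emitted"); a late append is refused.
bool guardRefusesAppendAfterAddressTaken() {
    GuardedVector g;
    g.append(StubInfo{0});
    StubInfo* p = g.addressOf(0);
    return !g.append(StubInfo{1}) && p->id == 0;
}
```

A guard of this kind, enabled in debug builds, is one way to look for the counterexample comment #4 asks for: an append that happens after pointers to vector elements have been handed out.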