WebKit Bugzilla
Attachment 348132 Details for
Bug 188917
: RELEASE_ASSERT at ../../Source/JavaScriptCore/heap/MarkedSpace.h:83
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-188917-20180827135723.patch (text/plain), 3.08 KB, created by
Keith Miller
on 2018-08-27 04:57:25 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Keith Miller
Created:
2018-08-27 04:57:25 PDT
Size:
3.08 KB
patch
obsolete
>Subversion Revision: 234897 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 4cd46816db50337e1e93f3101169be64d595fe61..319f44d95cd70c3b5647e2d0c277a3d11693825e 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,14 @@ >+2018-08-27 Keith Miller <keith_miller@apple.com> >+ >+ RELEASE_ASSERT at ../../Source/JavaScriptCore/heap/MarkedSpace.h:83 >+ https://bugs.webkit.org/show_bug.cgi?id=188917 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * ftl/FTLLowerDFGToB3.cpp: >+ (JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell): >+ (JSC::FTL::DFG::LowerDFGToB3::allocatorForSize): >+ > 2018-08-15 Keith Miller <keith_miller@apple.com> > > Remove evernote hacks >diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >index 761687bb27aeb88d4d34d689a1ac619fece797d7..5868a696cbe584d6e21f936e38fa518e79f6542e 100644 >--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >@@ -12632,10 +12632,7 @@ private: > > if (actualAllocator.isConstant()) { > if (!actualAllocator.allocator()) { >- LBasicBlock haveAllocator = m_out.newBlock(); >- LBasicBlock lastNext = m_out.insertNewBlocksBefore(haveAllocator); >- m_out.jump(slowPath); >- m_out.appendTo(haveAllocator, lastNext); >+ crash(); > return m_out.intPtrZero; > } > } else { >@@ -12793,16 +12790,22 @@ private: > if (subspace->hasIntPtr() && size->hasIntPtr()) { > CompleteSubspace* actualSubspace = bitwise_cast<CompleteSubspace*>(subspace->asIntPtr()); > size_t actualSize = size->asIntPtr(); >- >- Allocator actualAllocator = actualSubspace->allocatorForNonVirtual(actualSize, AllocatorForMode::AllocatorIfExists); >- if (!actualAllocator) { >+ >+ auto jumpToSlow = [&] () { > LBasicBlock continuation = m_out.newBlock(); > LBasicBlock lastNext = m_out.insertNewBlocksBefore(continuation); > m_out.jump(slowPath); > m_out.appendTo(continuation, lastNext); > return m_out.intPtrZero; >- } >- >+ }; >+ >+ if (!actualSize) >+ return jumpToSlow(); >+ >+ Allocator actualAllocator = actualSubspace->allocatorForNonVirtual(actualSize, AllocatorForMode::AllocatorIfExists); >+ if (!actualAllocator) >+ return jumpToSlow(); >+ > return m_out.constIntPtr(actualAllocator.localAllocator()); > } > >@@ -12821,7 +12824,10 @@ private: > rarely(slowPath), usually(continuation)); > > m_out.appendTo(continuation, lastNext); >- >+ >+ void(*assertion)(size_t) = [] (size_t size) { dataLogLn(size); }; >+ m_out.call(Void, m_out.constIntPtr(assertion), sizeClassIndex); >+ > return m_out.loadPtr( > m_out.baseIndex( > m_heaps.CompleteSubspace_allocatorForSizeStep,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=348132">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 188917
:
348132
|
348133
|
348134
|
348137
|
348935
|
348952
|
348953