WebKit Bugzilla
Attachment 357941 Details for
Bug 192981
: [JSC] Use appendUnbarriered for cached own keys
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-192981-20181221234859.patch (text/plain), 2.00 KB, created by
Yusuke Suzuki
on 2018-12-21 06:49:00 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2018-12-21 06:49:00 PST
Size:
2.00 KB
patch
obsolete
>Subversion Revision: 239502 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 5f116701d091550e6c534081df0c71a5382cc584..a4047fa95862e87a1d7caa050eac308c7a2765ce 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,18 @@ >+2018-12-21 Yusuke Suzuki <yusukesuzuki@slowstart.org> >+ >+ [JSC] Use appendUnbarriered for cached own keys >+ https://bugs.webkit.org/show_bug.cgi?id=192981 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ It seems unlikely now, but m_cachedOwnKeys would be changed to sentinel after >+ checking `thisObject->m_cachedOwnKeys.unvalidatedGet() != cachedOwnKeysSentinel()` >+ and before executing `visitor.append(thisObject->m_cachedOwnKeys)`. To make >+ the code safe, we should use appendUnbarriered to mark non sentinel cell. >+ >+ * runtime/StructureRareData.cpp: >+ (JSC::StructureRareData::visitChildren): >+ > 2018-12-20 Chris Dumez <cdumez@apple.com> > > Use Optional::hasValue() instead of Optional::has_value() >diff --git a/Source/JavaScriptCore/runtime/StructureRareData.cpp b/Source/JavaScriptCore/runtime/StructureRareData.cpp >index d0f7bd80c1c27d3d96110a8250421f65e0a8a972..d5606cd4105aca60de0f4aad855d24813149f0c7 100644 >--- a/Source/JavaScriptCore/runtime/StructureRareData.cpp >+++ b/Source/JavaScriptCore/runtime/StructureRareData.cpp >@@ -71,8 +71,9 @@ void StructureRareData::visitChildren(JSCell* cell, SlotVisitor& visitor) > visitor.append(thisObject->m_previous); > visitor.append(thisObject->m_objectToStringValue); > visitor.append(thisObject->m_cachedPropertyNameEnumerator); >- if (thisObject->m_cachedOwnKeys.unvalidatedGet() != cachedOwnKeysSentinel()) >- visitor.append(thisObject->m_cachedOwnKeys); >+ auto* cachedOwnKeys = thisObject->m_cachedOwnKeys.unvalidatedGet(); >+ if (cachedOwnKeys != cachedOwnKeysSentinel()) >+ visitor.appendUnbarriered(cachedOwnKeys); > } > > // ----------- Object.prototype.toString() helper watchpoint classes -----------
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=357941">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
saam
:
review+
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 192981
: 357941