WebKit Bugzilla
Attachment 343133 Details for
Bug 186830
: Fix broken assertion on 32-bit
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186830-20180619224451.patch (text/plain), 1.73 KB, created by
Keith Miller
on 2018-06-19 22:44:52 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Keith Miller
Created:
2018-06-19 22:44:52 PDT
Size:
1.73 KB
patch
obsolete
>Subversion Revision: 233001 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 7ce090990729cb1ac42a8f347dc692a279da3612..c0a1908747fd13d207ff1c6b19b1d036ad0ceb99 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,16 @@ >+2018-06-19 Keith Miller <keith_miller@apple.com> >+ >+ Fix broken assertion on 32-bit >+ https://bugs.webkit.org/show_bug.cgi?id=186830 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This was intended to catch concurrent GC issues we don't run them on 32-bit >+ so we don't need this assertion there. >+ >+ * runtime/JSObjectInlines.h: >+ (JSC::JSObject::prepareToPutDirectWithoutTransition): >+ > 2018-06-19 Keith Miller <keith_miller@apple.com> > > flattenDictionaryStructure needs to zero properties that have been compressed away >diff --git a/Source/JavaScriptCore/runtime/JSObjectInlines.h b/Source/JavaScriptCore/runtime/JSObjectInlines.h >index ba480e39edc25a5be13aed280dd6ef1dc42aa790..352dd79a34751ace7ddf577078d85ae54b1cce2d 100644 >--- a/Source/JavaScriptCore/runtime/JSObjectInlines.h >+++ b/Source/JavaScriptCore/runtime/JSObjectInlines.h >@@ -203,7 +203,11 @@ ALWAYS_INLINE PropertyOffset JSObject::prepareToPutDirectWithoutTransition(VM& v > setStructureIDDirectly(structureID); > } else > structure->setLastOffset(newLastOffset); >- ASSERT(!getDirect(offset)); >+ >+ // This assertion verifies that the concurrent GC won't read garbage if the concurrentGC >+ // is running at the same time we put without transitioning. >+ if (is64Bit()) >+ ASSERT(getDirect(offset)); > result = offset; > }); > return result;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=343133">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186830
:
343133
|
343134