Bug 154947

Summary: [JSC] JSCell_freeListNext and JSCell_structureID are considered not overlapping
Product: WebKit
Reporter: Benjamin Poulain <benjamin>
Component: New Bugs
Assignee: Benjamin Poulain <benjamin>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, fpizlo
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Patch (flags: none)
  Patch for landing (flags: none)

Description Benjamin Poulain 2016-03-02 18:34:13 PST
[JSC] JSCell_freeListNext and JSCell_structureID are considered not overlapping
Comment 1 Benjamin Poulain 2016-03-02 18:37:58 PST
Created attachment 272717 [details]
Patch
Comment 2 Filip Pizlo 2016-03-02 19:19:32 PST
Comment on attachment 272717 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=272717&action=review

> Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:57
> +    macro(JSCell_header, OBJECT_OFFSETOF(MarkedBlock::FreeList, head)) \
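Review bot: the aliasing this entry exists to express (MarkedBlock::FreeList::head and the JSCell structure ID sharing the first word of the cell, which is why the previously separate JSCell_freeListNext and JSCell_structureID heaps are being merged) is only implicit in the offset expression, and deriving the offset from FreeList rather than from the cell type it describes ties the JSCell_header heap to an unrelated struct's layout. A one-line comment above the macro entry stating that both fields live at the start of the cell would document the intent, and writing the offset as the constant that the comment implies would make the abstract heap definition stop depending on FreeList's field order.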

I would change the offset to just 0.  The reason why MarkedBlock::FreeList::head overlaps with JSCell::structure is that they are both the first thing in the cell.  "0" really is the best way of saying that.
Comment 3 Benjamin Poulain 2016-03-02 20:03:52 PST
Created attachment 272723 [details]
Patch for landing
Comment 4 WebKit Commit Bot 2016-03-02 21:29:08 PST
Comment on attachment 272723 [details]
Patch for landing

Clearing flags on attachment: 272723

Committed r197491: <http://trac.webkit.org/changeset/197491>
Comment 5 WebKit Commit Bot 2016-03-02 21:29:11 PST
All reviewed patches have been landed.  Closing bug.