Bug 154947

Summary: [JSC] JSCell_freeListNext and JSCell_structureID are considered not overlapping
Product: WebKit Reporter: Benjamin Poulain <benjamin>
Component: New BugsAssignee: Benjamin Poulain <benjamin>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, fpizlo
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch for landing none

Benjamin Poulain
Reported 2016-03-02 18:34:13 PST
[JSC] JSCell_freeListNext and JSCell_structureID are considered not overlapping
Attachments
Patch (3.51 KB, patch)
2016-03-02 18:37 PST, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.52 KB, patch)
2016-03-02 20:03 PST, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2016-03-02 18:37:58 PST
Created attachment 272717 [details] Patch
Filip Pizlo
Comment 2 2016-03-02 19:19:32 PST
Comment on attachment 272717 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=272717&action=review > Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:57 > + macro(JSCell_header, OBJECT_OFFSETOF(MarkedBlock::FreeList, head)) \ I would change the offset to just 0. The reason why MarkedBlock::FreeList::head overlaps with JSCell::structure is that they are both the first thing in the cell. "0" really is the best way of saying that.
Benjamin Poulain
Comment 3 2016-03-02 20:03:52 PST
Created attachment 272723 [details] Patch for landing
WebKit Commit Bot
Comment 4 2016-03-02 21:29:08 PST
Comment on attachment 272723 [details] Patch for landing Clearing flags on attachment: 272723 Committed r197491: <http://trac.webkit.org/changeset/197491>
WebKit Commit Bot
Comment 5 2016-03-02 21:29:11 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.