Bug 174921

Summary:

Put the ScopedArgumentsTable's ScopeOffset array in some gigacage

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

buildbot, ggaren, jfbastien, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

174917

Attachments:

Description	Flags
the patch	none
the patch	none
the patch	none
the patch	none
the patch	mark.lam: review+

Filip Pizlo

Reported 2017-07-27 19:44:18 PDT

There's an argument to be made in favor of any of them.

Attachments
the patch (21.78 KB, patch) 2017-08-12 22:22 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (20.33 KB, patch) 2017-08-12 23:02 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (20.39 KB, patch) 2017-08-13 11:47 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (19.09 KB, patch) 2017-08-13 15:48 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (19.10 KB, patch) 2017-08-14 09:53 PDT, Filip Pizlo	mark.lam: review+	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2017-08-12 22:22:45 PDT

Created attachment 318003 [details] the patch

Filip Pizlo

Comment 2 2017-08-12 23:02:57 PDT

Created attachment 318004 [details] the patch

Build Bot

Comment 3 2017-08-12 23:06:12 PDT

Attachment 318004 [details] did not pass style-queue: ERROR: Source/WTF/wtf/CagedUniquePtr.h:84: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] ERROR: Source/WTF/wtf/CagedUniquePtr.h:135: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] Total errors found: 2 in 13 files If any of these errors are false positives, please file a bug against check-webkit-style.

Filip Pizlo

Comment 4 2017-08-13 11:47:50 PDT

Created attachment 318012 [details] the patch

Build Bot

Comment 5 2017-08-13 11:50:31 PDT

Attachment 318012 [details] did not pass style-queue: ERROR: Source/WTF/wtf/CagedUniquePtr.h:84: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] ERROR: Source/WTF/wtf/CagedUniquePtr.h:135: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] Total errors found: 2 in 13 files If any of these errors are false positives, please file a bug against check-webkit-style.

Filip Pizlo

Comment 6 2017-08-13 15:48:46 PDT

Created attachment 318016 [details] the patch Fix windows.

Build Bot

Comment 7 2017-08-13 15:51:12 PDT

Attachment 318016 [details] did not pass style-queue: ERROR: Source/WTF/wtf/CagedUniquePtr.h:84: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] ERROR: Source/WTF/wtf/CagedUniquePtr.h:135: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] Total errors found: 2 in 13 files If any of these errors are false positives, please file a bug against check-webkit-style.

Filip Pizlo

Comment 8 2017-08-14 09:53:14 PDT

Created attachment 318043 [details] the patch

Build Bot

Comment 9 2017-08-14 09:56:03 PDT

Attachment 318043 [details] did not pass style-queue: ERROR: Source/WTF/wtf/CagedUniquePtr.h:84: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] ERROR: Source/WTF/wtf/CagedUniquePtr.h:135: Should be indented on a separate line, with the colon or comma first on that line. [whitespace/indent] [4] Total errors found: 2 in 13 files If any of these errors are false positives, please file a bug against check-webkit-style.

Mark Lam

Comment 10 2017-08-14 10:09:22 PDT

Comment on attachment 318043 [details] the patch r=me

JF Bastien

Comment 11 2017-08-14 10:13:51 PDT

Comment on attachment 318043 [details] the patch iew in context: https://bugs.webkit.org/attachment.cgi?id=318043&action=review r=me > Source/WTF/wtf/CagedUniquePtr.h:82 > +class CagedUniquePtr<kind, T[], typename std::enable_if<std::is_trivially_destructible<T>::value>::type> : public CagedPtr<kind, T> { It's neat that you don't need the size here! :D > Source/WTF/wtf/CagedUniquePtr.h:104 > + new (result + count) T(std::forward<Arguments>(arguments)...); I think you want to construct in increasing order. That's usually what C++ containers do, and it's observable by the values being constructed. > Source/WTF/wtf/CagedUniquePtr.h:133 > +class CagedUniquePtr<kind, T[], typename std::enable_if<!std::is_trivially_destructible<T>::value>::type> : public CagedPtr<kind, T> { This inherits CagedPtr's operator== but does the wrong with by not comparing m_count. That should never be an issue because you shouldn't be able to have to unique pointers to the same base, but different sizes. Right? > Source/WTF/wtf/CagedUniquePtr.h:157 > + new (result + count) T(std::forward<Arguments>(arguments)...); Ditto, construct in increasing order. > Source/WTF/wtf/CagedUniquePtr.h:183 > + this->m_ptr[m_count].~T(); This reverse order destruction is good though. > Source/WTF/wtf/Gigacage.cpp:127 > + if (checkedSize.hasOverflowed()) UNLIKELY

Filip Pizlo

Comment 12 2017-08-14 11:29:17 PDT

(In reply to JF Bastien from comment #11) > Comment on attachment 318043 [details] > the patch > > iew in context: > https://bugs.webkit.org/attachment.cgi?id=318043&action=review > > r=me > > > Source/WTF/wtf/CagedUniquePtr.h:82 > > +class CagedUniquePtr<kind, T[], typename std::enable_if<std::is_trivially_destructible<T>::value>::type> : public CagedPtr<kind, T> { > > It's neat that you don't need the size here! :D > > > Source/WTF/wtf/CagedUniquePtr.h:104 > > + new (result + count) T(std::forward<Arguments>(arguments)...); > > I think you want to construct in increasing order. That's usually what C++ > containers do, and it's observable by the values being constructed. I'll leave it for now. I already tested it this way, and I don't think that any of our code cares. > > > Source/WTF/wtf/CagedUniquePtr.h:133 > > +class CagedUniquePtr<kind, T[], typename std::enable_if<!std::is_trivially_destructible<T>::value>::type> : public CagedPtr<kind, T> { > > This inherits CagedPtr's operator== but does the wrong with by not comparing > m_count. That should never be an issue because you shouldn't be able to have > to unique pointers to the same base, but different sizes. Right? Right! I think it's "correct" but I put in a FIXME and cited https://bugs.webkit.org/show_bug.cgi?id=175541 > > > Source/WTF/wtf/CagedUniquePtr.h:157 > > + new (result + count) T(std::forward<Arguments>(arguments)...); > > Ditto, construct in increasing order. > > > Source/WTF/wtf/CagedUniquePtr.h:183 > > + this->m_ptr[m_count].~T(); > > This reverse order destruction is good though. > > > Source/WTF/wtf/Gigacage.cpp:127 > > + if (checkedSize.hasOverflowed()) > > UNLIKELY

Filip Pizlo

Comment 13 2017-08-14 11:33:31 PDT

Landed in https://trac.webkit.org/changeset/220712/webkit

Radar WebKit Bug Importer

Comment 14 2017-08-14 11:34:45 PDT

<rdar://problem/33879627>

Note You need to log in before you can comment on or make changes to this bug.