Bug 200148

Summary: [JSC] Use unalignedLoad for JSRopeString fiber accesses
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch mark.lam: review+

Yusuke Suzuki
Reported 2019-07-25 18:46:59 PDT
[JSC] Use unalignedLoad for JSRopeString fiber accesses
Attachments
Patch (3.45 KB, patch)
2019-07-25 18:48 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (3.58 KB, patch)
2019-07-25 19:59 PDT, Yusuke Suzuki 		mark.lam: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2019-07-25 18:48:15 PDT
Created attachment 374930 [details] Patch
Yusuke Suzuki
Comment 2 2019-07-25 19:59:10 PDT
Created attachment 374934 [details] Patch
Mark Lam
Comment 3 2019-07-25 21:06:51 PDT
Comment on attachment 374934 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=374934&action=review r=me > Source/JavaScriptCore/heap/MarkedBlock.h:305 > + // Some of JSCell types assume that the last JSCell in a MarkedBlock has a subsequent memory region (Footer) that can still safely accesible. /accesible/accessed/ > Source/JavaScriptCore/heap/MarkedBlock.h:306 > + // For example, JSRopeString assumes that it can safely access some subsquent bytes of JSRopeString cell. I suggest rephrasing "some subsquent bytes of JSRopeString cell" as "up to 2 bytes beyond the JSRopeString cell".
Yusuke Suzuki
Comment 4 2019-07-25 21:42:23 PDT
Comment on attachment 374934 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=374934&action=review >> Source/JavaScriptCore/heap/MarkedBlock.h:305 >> + // Some of JSCell types assume that the last JSCell in a MarkedBlock has a subsequent memory region (Footer) that can still safely accesible. > > /accesible/accessed/ Fixed. >> Source/JavaScriptCore/heap/MarkedBlock.h:306 >> + // For example, JSRopeString assumes that it can safely access some subsquent bytes of JSRopeString cell. > > I suggest rephrasing "some subsquent bytes of JSRopeString cell" as "up to 2 bytes beyond the JSRopeString cell". Fixed.
Yusuke Suzuki
Comment 5 2019-07-25 21:58:13 PDT
Committed r247854: <https://trac.webkit.org/changeset/247854>
Radar WebKit Bug Importer
Comment 6 2019-07-25 21:59:26 PDT
<rdar://problem/53574198>
Note You need to log in before you can comment on or make changes to this bug.