Bug 201345

Summary: Fix a bug in SlotVisitor::reportZappedCellAndCrash() and also capture more information.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch.
none
proposed patch. ysuzuki: review+

Description Mark Lam 2019-08-30 10:42:05 PDT
...
Comment 1 Mark Lam 2019-08-30 13:53:35 PDT
Created attachment 377745 [details]
proposed patch.
Comment 2 Mark Lam 2019-08-30 13:56:15 PDT
Created attachment 377747 [details]
proposed patch.
Comment 3 Radar WebKit Bug Importer 2019-08-30 13:56:33 PDT
<rdar://problem/54895384>
Comment 4 Yusuke Suzuki 2019-08-30 14:02:14 PDT
Comment on attachment 377747 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=377747&action=review

r=me

> Source/JavaScriptCore/heap/SlotVisitor.cpp:-829
> -    uint32_t* cellWords = reinterpret_cast_ptr<uint32_t*>(this);

Fun!

> Source/JavaScriptCore/heap/SlotVisitor.cpp:835
> +    uint64_t headerWord = cellWords[0];
> +    uint64_t zapReasonAndMore = cellWords[1];

Looks nice extension. At least, we can access 16bytes :)
Comment 5 Mark Lam 2019-08-30 14:18:54 PDT
Thanks for the review.  Landed in r249345: <http://trac.webkit.org/r249345>.