Bug 226388

Summary: Fix LikelyDenseUnsignedIntegerSet::clear()
Product: WebKit
Reporter: Robin Morisset <rmorisset>
Component: JavaScriptCore
Assignee: Robin Morisset <rmorisset>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, cdumez, cmarcelo, ews-watchlist, mark.lam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 226258
Bug Blocks:
Attachments: Patch (flags: none)

Description Robin Morisset 2021-05-28 11:53:29 PDT
There are two problems with it:
1) It calls BitVector::clearAll(), which does not free any memory.
Instead, it should call BitVector::~BitVector(), then do a placement new of a fresh BitVector (to get it back to its inline condition)
2) More problematically, it changes m_size before calling isBitVector() which relies crucially on the value of m_size.
So it is going to believe that it is in BitVector mode even when it is actually in HashSet mode.
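As an added illustration (constructed for this page, not the WebKit patch or WebKit's LikelyDenseUnsignedIntegerSet code), a simplified model of the layout the description refers to: a set that is a bit vector until a large value forces it into hash-set mode, with the mode read from m_size. The class, the 1024 threshold and the kHashSetMode sentinel are assumptions; buggyClear() reproduces the ordering mistake from point 2, and clear() the corrected order, which also drops the bit-vector storage as point 1 asks.

```cpp
#include <limits>
#include <unordered_set>
#include <vector>
// Constructed model: small values live in a bit vector, larger ones in a hash set, and the
// mode is encoded in m_size (m_size == kHashSetMode means hash-set mode). All assumptions.
struct DenseOrSparseSet {
    static constexpr unsigned kHashSetMode = std::numeric_limits<unsigned>::max();
    void add(unsigned value) {
        if (isBitVector() && value >= 1024) { // assumed threshold for leaving bit-vector mode
            for (unsigned i = 0; i < m_bits.size(); ++i)
                if (m_bits[i]) m_set.insert(i);
            std::vector<bool>().swap(m_bits);
            m_size = kHashSetMode; // from here on m_size is only a mode tag
        }
        if (!isBitVector()) { m_set.insert(value); return; }
        if (value >= m_bits.size()) m_bits.resize(value + 1);
        if (!m_bits[value]) { m_bits[value] = true; ++m_size; }
    }
    bool contains(unsigned value) const {
        if (isBitVector()) return value < m_bits.size() && m_bits[value];
        return m_set.count(value) != 0;
    }
    // The defect from the report: m_size is reset before isBitVector() is consulted, so a
    // hash-set-mode set is mistaken for a bit vector and the hash set is never cleared.
    void buggyClear() {
        m_size = 0;
        if (isBitVector()) m_bits.assign(m_bits.size(), false); // clearAll(): frees nothing
        else m_set.clear();
    }
    // Fixed ordering: decide the mode first, release the storage, only then reset the tag.
    void clear() {
        if (isBitVector()) std::vector<bool>().swap(m_bits); // like destroy + placement new
        else m_set.clear();
        m_size = 0;
    }
    bool isBitVector() const { return m_size != kHashSetMode; }
    unsigned m_size { 0 };
    std::vector<bool> m_bits;
    std::unordered_set<unsigned> m_set;
};
// Stale hash-set contents left behind by buggyClear() resurface once the set changes mode again.
bool staleEntriesResurfaceAfterBuggyClear() {
    DenseOrSparseSet s;
    s.add(3); s.add(2000); s.buggyClear(); s.add(3000); // add(2000) moved s into hash-set mode
    return s.contains(3) && s.contains(2000);
}
bool fixedClearLeavesNothingBehind() {
    DenseOrSparseSet s;
    s.add(3); s.add(2000); s.clear(); s.add(3000);
    return !s.contains(3) && !s.contains(2000) && s.contains(3000);
}
```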
Comment 1 Robin Morisset 2021-05-28 11:57:18 PDT
rdar://78607433
Comment 2 Robin Morisset 2021-05-28 12:02:48 PDT
Created attachment 430037 [details]
Patch
Comment 3 Mark Lam 2021-05-28 12:38:41 PDT
Comment on attachment 430037 [details]
Patch

r=me
Comment 4 Robin Morisset 2021-05-28 13:05:39 PDT
Comment on attachment 430037 [details]
Patch

Thanks for the review.
Landing this as the wincairo failure is very clearly unrelated.
Comment 5 EWS 2021-05-28 13:17:50 PDT
Committed r278224 (238262@main): <https://commits.webkit.org/238262@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 430037 [details].