Bug 126188 - CStack: Fix JSStack::grow(), shrink(), growSlowCase(), and setStackLimit().
Summary: CStack: Fix JSStack::grow(), shrink(), growSlowCase(), and setStackLimit().
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords:
Depends on:
Blocks: 125849
Reported: 2013-12-23 16:15 PST by Mark Lam
Modified: 2014-01-13 17:58 PST (History)

See Also:


Attachments
the patch. (5.72 KB, patch)
2013-12-23 16:17 PST, Mark Lam
ggaren: review+

Description Mark Lam 2013-12-23 16:15:07 PST
These functions were inappropriately mixing "end" and "top" pointer idioms.  Specifically:

1. growSlowCase() was comparing a newEnd pointer against m_commitTop, and using this to compute the size that the stack needs to grow.

2. shrink() was wrongly computing excess capacity by subtracting baseOfStack() (which is at high memory) from m_commitTop (which points to lower memory). Also, baseOfStack() is an "end" pointer while m_commitTop is a "top" pointer. This is a mismatch.

To fix this and simplify the code a bit, I changed all of these functions to take a newTopOfStack pointer instead of a newEnd pointer, and adjusted their callers where needed to pass the appropriate pointer values.
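The pointer-idiom mismatch described above is easy to reproduce in a small model. The following is an added example written for this page, not JavaScriptCore's code: it models a downward-growing stack whose committed region is [commitTop, baseOfStack), where baseOfStack is an exclusive "end" pointer at high memory and commitTop is an inclusive "top" pointer at low memory. The names ModelStack, grow, shrink, mismatchedExcess, the static reservation, the page size and the guard page are all constructed for the example. grow() and shrink() compare "top" against "top" as the fix does; mismatchedExcess() reproduces the original mistake of subtracting an "end" pointer from a "top" pointer, which yields a negative value rather than the excess capacity.

```cpp
#include <cstddef>
#include <cstdio>

namespace {
constexpr size_t kPageSize = 4096;                      // constructed commit granularity
constexpr size_t kReservedBytes = 16 * kPageSize;       // constructed reservation size
alignas(kPageSize) char g_reservation[kReservedBytes];  // stand-in for an mmap'd reservation

size_t roundUpToPage(size_t n)   { return (n + kPageSize - 1) / kPageSize * kPageSize; }
size_t roundDownToPage(size_t n) { return n / kPageSize * kPageSize; }
}

struct ModelStack {
    char* baseOfStack;    // "end" pointer: one past the highest byte; the stack grows DOWN from here
    char* commitTop;      // "top" pointer: lowest committed byte; live region is [commitTop, baseOfStack)
    char* lowestReserved; // lowest address we may ever commit (one guard page kept below it)

    ModelStack()
        : baseOfStack(g_reservation + kReservedBytes),
          commitTop(baseOfStack),                 // nothing committed yet
          lowestReserved(g_reservation + kPageSize) {}

    size_t committedBytes() const { return static_cast<size_t>(baseOfStack - commitTop); }

    // Commit enough pages that newTopOfStack becomes usable. Both operands of the
    // subtraction are "top" pointers, so the difference is exactly the shortfall.
    bool grow(char* newTopOfStack) {
        if (newTopOfStack >= commitTop)
            return true;                          // already within the committed region
        if (newTopOfStack < lowestReserved)
            return false;                         // would run into the guard page: stack overflow
        size_t delta = roundUpToPage(static_cast<size_t>(commitTop - newTopOfStack));
        if (static_cast<size_t>(commitTop - lowestReserved) < delta)
            return false;                         // page rounding would cross the guard page
        commitTop -= delta;
        return true;
    }

    // Release whole pages that lie below newTopOfStack. The excess is the distance
    // between two "top" pointers: the new top and the current commit top.
    size_t shrink(char* newTopOfStack) {
        if (newTopOfStack <= commitTop)
            return 0;                             // nothing below the new top is committed
        size_t excess = roundDownToPage(static_cast<size_t>(newTopOfStack - commitTop));
        commitTop += excess;
        return excess;
    }
};

// The mistake the bug describes: subtracting the "end" pointer baseOfStack (high memory)
// from the "top" pointer commitTop (low memory). The result is negative, not the excess.
ptrdiff_t mismatchedExcess(const ModelStack& s) {
    return s.commitTop - s.baseOfStack;
}

int main() {
    ModelStack s;
    s.grow(s.baseOfStack - 3 * kPageSize - 1);
    std::printf("committed after grow: %zu bytes\n", s.committedBytes());
    std::printf("released by shrink:   %zu bytes\n", s.shrink(s.baseOfStack - kPageSize - 10));
    std::printf("mismatched 'excess':  %td (negative: end minus top)\n", mismatchedExcess(s));
    return 0;
}
```

The guard page below lowestReserved is the model's own safety rail: a grow() that cannot be satisfied reports failure instead of committing outside the reservation, which is the behaviour a caller must check for rather than assume.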
Comment 1 Mark Lam 2013-12-23 16:17:48 PST
Created attachment 219939 [details]
the patch.
Comment 2 Mark Lam 2013-12-23 16:22:21 PST
Landed in r161036 on the jsCStack branch: <http://trac.webkit.org/r161036>.
Comment 3 Geoffrey Garen 2014-01-13 17:43:20 PST
Comment on attachment 219939 [details]
the patch.

r=me
Comment 4 Mark Lam 2014-01-13 17:58:32 PST
Thanks.  Review status updated in r161934 on the jsCStack branch: <http://trac.webkit.org/r161934>.