131654 – emit_op_put_by_id should not emit a write barrier that filters on value

RESOLVED FIXED Bug 131654

emit_op_put_by_id should not emit a write barrier that filters on value

https://bugs.webkit.org/show_bug.cgi?id=131654

Summary emit_op_put_by_id should not emit a write barrier that filters on value

Mark Hahnenberg

Reported 2014-04-14 18:11:40 PDT

The 32-bit implementation does this, and it can cause crashes if we later repatch the code to allocate and store new Butterflies.

Attachments
Patch (3.56 KB, patch) 2014-04-14 18:15 PDT, Mark Hahnenberg	fpizlo: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Hahnenberg

Comment 1 2014-04-14 18:15:20 PDT

Mark Hahnenberg

Comment 2 2014-04-14 18:17:25 PDT

Mark Lam

Comment 3 2014-04-14 18:35:34 PDT

Comment on attachment 229331 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=229331&action=review > Source/JavaScriptCore/ChangeLog:12 > + (JSC::JIT::emitWriteBarrier): We also weren't verify the base was a cell on 32-bit if /weren’t verify the/weren’t verifying that the/.

Filip Pizlo

Comment 4 2014-04-14 18:41:23 PDT

Comment on attachment 229331 [details] Patch R=me with MarkL's suggestion.

Mark Hahnenberg

Comment 5 2014-04-14 19:20:56 PDT

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Hahnenberg

Reported

2014-04-14 18:11 PDT

Modified

2014-04-14 19:20 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks