Bug 131654 - emit_op_put_by_id should not emit a write barrier that filters on value
Summary: emit_op_put_by_id should not emit a write barrier that filters on value
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Hahnenberg
URL:
Keywords:
Depends on:
Blocks:
Reported: 2014-04-14 18:11 PDT by Mark Hahnenberg
Modified: 2014-04-14 19:20 PDT (History)
Attachments
Patch (3.56 KB, patch)
2014-04-14 18:15 PDT, Mark Hahnenberg
fpizlo: review+

Description Mark Hahnenberg 2014-04-14 18:11:40 PDT
The 32-bit implementation does this, and it can cause crashes if we later repatch the code to allocate and store new Butterflies.
Comment 1 Mark Hahnenberg 2014-04-14 18:15:20 PDT
Created attachment 229331 [details]
Patch
Comment 2 Mark Hahnenberg 2014-04-14 18:17:25 PDT
<rdar://problem/16513604>
Comment 3 Mark Lam 2014-04-14 18:35:34 PDT
Comment on attachment 229331 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=229331&action=review

> Source/JavaScriptCore/ChangeLog:12
> +        (JSC::JIT::emitWriteBarrier): We also weren't verify the base was a cell on 32-bit if 

/weren’t verify the/weren’t verifying that the/.
Comment 4 Filip Pizlo 2014-04-14 18:41:23 PDT
Comment on attachment 229331 [details]
Patch

R=me with MarkL's suggestion.
Comment 5 Mark Hahnenberg 2014-04-14 19:20:56 PDT
Committed r167288: <http://trac.webkit.org/changeset/167288>