Bug 201345 - Fix a bug in SlotVisitor::reportZappedCellAndCrash() and also capture more information.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
Keywords: InRadar
Reported: 2019-08-30 10:42 PDT by Mark Lam
Modified: 2019-08-30 14:18 PDT

Attachments
proposed patch. (4.30 KB, patch)
2019-08-30 13:53 PDT, Mark Lam
no flags
proposed patch. (4.43 KB, patch)
2019-08-30 13:56 PDT, Mark Lam
ysuzuki: review+

Description Mark Lam 2019-08-30 10:42:05 PDT
...
Comment 1 Mark Lam 2019-08-30 13:53:35 PDT
Created attachment 377745
proposed patch.
Comment 2 Mark Lam 2019-08-30 13:56:15 PDT
Created attachment 377747
proposed patch.
Comment 3 Radar WebKit Bug Importer 2019-08-30 13:56:33 PDT
<rdar://problem/54895384>
Comment 4 Yusuke Suzuki 2019-08-30 14:02:14 PDT
Comment on attachment 377747
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=377747&action=review

r=me

> Source/JavaScriptCore/heap/SlotVisitor.cpp:-829
> -    uint32_t* cellWords = reinterpret_cast_ptr<uint32_t*>(this);
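
Review bot: the removed line at SlotVisitor.cpp:829 built cellWords from this, and inside a SlotVisitor member function this is the visitor, not the cell being reported, so anything read through that pointer described the wrong object. The replacement declaration is not quoted here; it should take its address from the cell and keep its element type consistent with the uint64_t reads at line 835.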

Fun!

> Source/JavaScriptCore/heap/SlotVisitor.cpp:835
> +    uint64_t headerWord = cellWords[0];
> +    uint64_t zapReasonAndMore = cellWords[1];
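
Review bot: the read of cellWords[1] at SlotVisitor.cpp:835 assumes a second word is always present behind the header, and nothing in these lines states the minimum cell size that makes it safe. If cellWords is now a uint64_t pointer, the two loads cover 16 bytes; a short comment or a static_assert on the minimum cell size next to them would record that. The name zapReasonAndMore would also benefit from a comment saying which bits hold the zap reason and what the remainder contains.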

Looks like a nice extension. At least we can access 16 bytes :)
Comment 5 Mark Lam 2019-08-30 14:18:54 PDT
Thanks for the review. Landed in r249345: <http://trac.webkit.org/r249345>.