Bug 226388 - Fix LikelyDenseUnsignedIntegerSet::clear()
Summary: Fix LikelyDenseUnsignedIntegerSet::clear()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Robin Morisset
URL:
Keywords: InRadar
Depends on: 226258
Blocks:
Reported: 2021-05-28 11:53 PDT by Robin Morisset
Modified: 2021-05-28 13:17 PDT

See Also:


Attachments
Patch (2.81 KB, patch)
2021-05-28 12:02 PDT, Robin Morisset

Description Robin Morisset 2021-05-28 11:53:29 PDT
There are two problems with it:
1) It calls BitVector::clearAll(), which does not free any memory.
Instead, it should call BitVector::~BitVector(), then do a placement new of a fresh BitVector (to get it back to its inline condition).
2) More problematically, it changes m_size before calling isBitVector() which relies crucially on the value of m_size.
So it is going to believe that it is in BitVector mode even when it is actually in HashSet mode.
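
The two problems listed in the description above, as an added C++ example that is not part of the original report and is not WebKit's code. `ToySet`, `kLimit` and every member name are hypothetical, and deriving the mode from the size alone with a fixed threshold is an assumption made for illustration.

```cpp
#include <cstdint>
#include <new>
#include <unordered_set>
#include <vector>

// Toy model, not WebKit code: one union holds either a bit vector or a hash
// set, and the active member is derived from m_size (assumed threshold rule).
struct ToySet {
    using Bits = std::vector<uint64_t>;        // stand-in for BitVector
    using Hash = std::unordered_set<unsigned>; // stand-in for HashSet
    enum class Mode { BitVector, HashSet };
    static constexpr unsigned kLimit = 4;      // assumed mode threshold
    union { Bits bits; Hash hash; };
    unsigned m_size = 0;

    ToySet() { new (&bits) Bits(); }
    ~ToySet() { clearFixed(); bits.~Bits(); }
    static Mode modeFor(unsigned size) { return size <= kLimit ? Mode::BitVector : Mode::HashSet; }
    Mode mode() const { return modeFor(m_size); }

    // Constructed sample state: switch to hash mode with n > kLimit members.
    void becomeHash(unsigned n) {
        if (n <= kLimit || mode() == Mode::HashSet) return;
        bits.~Bits();
        new (&hash) Hash();
        for (unsigned i = 0; i < n; ++i) hash.insert(i * 1000);
        m_size = n;
    }
    // Order from the report: m_size is reset before the mode is queried. The
    // answer is returned, not acted on: acting would run Bits code on a Hash.
    Mode modeSeenByBuggyClear() const { unsigned sizeAfterReset = 0; return modeFor(sizeAfterReset); }
    // Bit-vector half of the old clear: zeroing the words keeps the allocation.
    void clearAllBits() { for (auto& w : bits) w = 0; }
    // Fixed order: query the mode first, destroy the active member, rebuild an
    // empty Bits with placement new, and only then reset m_size.
    Mode clearFixed() {
        Mode was = mode();
        if (was == Mode::BitVector) bits.~Bits(); else hash.~Hash();
        new (&bits) Bits();
        m_size = 0;
        return was;
    }
};

int main() {
    ToySet s;
    s.becomeHash(10);
    return s.modeSeenByBuggyClear() == ToySet::Mode::BitVector ? 0 : 1; // 0: mode misread
}
```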
Comment 1 Robin Morisset 2021-05-28 11:57:18 PDT
rdar://78607433
Comment 2 Robin Morisset 2021-05-28 12:02:48 PDT
Created attachment 430037
Patch
Comment 3 Mark Lam 2021-05-28 12:38:41 PDT
Comment on attachment 430037
Patch

r=me
Comment 4 Robin Morisset 2021-05-28 13:05:39 PDT
Comment on attachment 430037
Patch

Thanks for the review.
Landing this as the wincairo failure is very clearly unrelated.
Comment 5 EWS 2021-05-28 13:17:50 PDT
Committed r278224 (238262@main): <https://commits.webkit.org/238262@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 430037.