WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
68746
wtf/BitVector.h has a variety of bugs which manifest when the vector grows beyond 63 bits
https://bugs.webkit.org/show_bug.cgi?id=68746
Summary
wtf/BitVector.h has a variety of bugs which manifest when the vector grows be...
Filip Pizlo
Reported
2011-09-23 17:49:13 PDT
- The number of bytes that need to be malloc'd is miscomputed. - The index into the uintptr_t* is miscomputed. - resize() sometimes exits too early. - Far too much code is inline, when it could be trivially out-of-line.
Attachments
the patch
(16.87 KB, patch)
2011-09-23 17:54 PDT
,
Filip Pizlo
oliver
: review+
Details
Formatted Diff
Diff
the patch - fix style, review
(16.45 KB, patch)
2011-09-23 18:33 PDT
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Filip Pizlo
Comment 1
2011-09-23 17:54:47 PDT
Created
attachment 108570
[details]
the patch
WebKit Review Bot
Comment 2
2011-09-23 17:56:50 PDT
Attachment 108570
[details]
did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/ChangeLog', u'Source..." exit_code: 1 Source/JavaScriptCore/wtf/BitVector.h:143: The parameter name "outOfLineBits" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 8 files If any of these errors are false positives, please file a bug against check-webkit-style.
Oliver Hunt
Comment 3
2011-09-23 18:00:08 PDT
Comment on
attachment 108570
[details]
the patch View in context:
https://bugs.webkit.org/attachment.cgi?id=108570&action=review
r=me, but it would be worth considering whether ensureSize() should be inline or outline before landing
> Source/JavaScriptCore/wtf/BitVector.h:79 > - void ensureSize(size_t numBits) > - { > - if (numBits <= size()) > - return; > - resizeOutOfLine(numBits); > - } > + void ensureSize(size_t numBits);
Do you really want to take ensureSize out of line? you already have resizeOutOfLine so it seems overkill to hoist the entire function out
Filip Pizlo
Comment 4
2011-09-23 18:02:36 PDT
(In reply to
comment #3
)
> (From update of
attachment 108570
[details]
) > View in context:
https://bugs.webkit.org/attachment.cgi?id=108570&action=review
> > r=me, but it would be worth considering whether ensureSize() should be inline or outline before landing > > > Source/JavaScriptCore/wtf/BitVector.h:79 > > - void ensureSize(size_t numBits) > > - { > > - if (numBits <= size()) > > - return; > > - resizeOutOfLine(numBits); > > - } > > + void ensureSize(size_t numBits); > > Do you really want to take ensureSize out of line? you already have resizeOutOfLine so it seems overkill to hoist the entire function out
That's a really good point. I'll change that so that ensureSize() inlines the trivial path, and land.
Filip Pizlo
Comment 5
2011-09-23 18:33:01 PDT
Created
attachment 108573
[details]
the patch - fix style, review This is the patch I intend to land manually once I finish running the last batch of tests.
Filip Pizlo
Comment 6
2011-09-23 18:36:58 PDT
It appears that this is a speed-up on a few benchmarks, presumably because previously we had corrupt liveness settings and OSR would fail spuriously. I cannot find any other change in behavior, since any bugs arising from a corrupt OSR bitvector would be horribly annoying to track down.
Filip Pizlo
Comment 7
2011-09-23 19:07:22 PDT
Landed in
r95895
.
Darin Adler
Comment 8
2011-09-23 20:24:29 PDT
Comment on
attachment 108570
[details]
the patch View in context:
https://bugs.webkit.org/attachment.cgi?id=108570&action=review
> Source/JavaScriptCore/wtf/BitVector.cpp:38 > + (*this) = other;
No need for these parentheses.
> Source/JavaScriptCore/wtf/BitVector.cpp:41 > +BitVector& BitVector::operator=(const BitVector& other)
It’s normally considered better style to write a swap function and a copy constructor and build the assignment operator from the copy constructor instead of the other way around. Easier to get rid too.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug