Reviewers: Jakob,

Message:
Jakob: PTAL

Description:
Better fix for MemoryChunk::owner().

Pointer arithmetic such as "owner_ - kFailureTag" is undefined behaviour
unless owner_ points to a valid object.

This allowed Clang to assume the result of the subtraction could never be NULL,
causing the NULL check in the caller to be optimized away (see https://codereview.chromium.org/12090072/).

To fix this, we should cast owner_ to intptr_t before doing the
arithmetic.


Please review this at https://codereview.chromium.org/12096089/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/spaces.h
  M src/spaces.cc


Index: src/spaces.cc
diff --git a/src/spaces.cc b/src/spaces.cc
index f3c5a08c5e1cc29d2a9590d194f5120789a5a44b..711cde1c662c0c6c59d7148c2e6dec21f8f878f4 100644
--- a/src/spaces.cc
+++ b/src/spaces.cc
@@ -711,7 +711,7 @@ LargePage* MemoryAllocator::AllocateLargePage(intptr_t object_size,

 void MemoryAllocator::Free(MemoryChunk* chunk) {
   LOG(isolate_, DeleteEvent("MemoryChunk", chunk));
-  if (chunk->has_owner()) {
+  if (chunk->owner() != NULL) {
     ObjectSpace space =
         static_cast<ObjectSpace>(1 << chunk->owner()->identity());
     PerformAllocationCallback(space, kAllocationActionFree, chunk->size());
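Review bot: `chunk->owner()` is now evaluated twice in this hunk, once in the new `!= NULL` test and again on the following line to reach `identity()`, and since owner() is exactly the accessor whose NULL check the description says Clang mis-optimised, keeping its value in one local makes the null-guarded use explicit: `Space* owner = chunk->owner();` / `if (owner != NULL) {` / `static_cast<ObjectSpace>(1 << owner->identity());`. This is a readability point only; with the intptr_t-based untagging in spaces.h the comparison against NULL is sound either way. The body of MemoryAllocator::Free continues past the end of the hunk.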
Index: src/spaces.h
diff --git a/src/spaces.h b/src/spaces.h
index 354aa114b3390fc3c03c8b5e9f3ba0eebe5f3e12..07daacfdf63d7c530f9694544435a4c1275121fc 100644
--- a/src/spaces.h
+++ b/src/spaces.h
@@ -320,7 +320,8 @@ class MemoryChunk {
   Space* owner() const {
     if ((reinterpret_cast<intptr_t>(owner_) & kFailureTagMask) ==
         kFailureTag) {
-      return reinterpret_cast<Space*>(owner_ - kFailureTag);
+      return reinterpret_cast<Space*>(reinterpret_cast<intptr_t>(owner_) -
+                                      kFailureTag);
     } else {
       return NULL;
     }
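Review bot: Nothing at the rewritten `return` says why the untagging is done on an intptr_t rather than on the pointer, so the next reader who sees two reinterpret_casts back to back may "simplify" it to `owner_ - kFailureTag` and reintroduce the optimisation problem this change fixes; a why-comment above the `if` would guard against that, e.g. `// Untag on intptr_t, not on the pointer: subtracting from a tagged pointer is UB and lets the compiler assume the result is non-NULL.` As a smaller style point, `reinterpret_cast<intptr_t>(owner_)` is now evaluated in both the mask test and the return; hoisting it into a local `intptr_t raw = reinterpret_cast<intptr_t>(owner_);` used by both would make the tag check and the untag read as one operation. owner() ends inside the hunk, but the enclosing class MemoryChunk starts and continues outside it.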
@@ -333,14 +334,6 @@ class MemoryChunk {
            kFailureTag);
   }

- // Workaround for a bug in Clang-3.3 which in some situations optimizes away
-  // an "if (chunk->owner() != NULL)" check.
-  bool has_owner() {
-    if (owner_ == 0) return false;
-    if (reinterpret_cast<intptr_t>(owner_) == kFailureTag) return false;
-    return true;
-  }
-
   VirtualMemory* reserved_memory() {
     return &reservation_;
   }

