Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4d73bc11dd6c1f369b4e4b2e4457305d673605cc
https://github.com/WebKit/WebKit/commit/4d73bc11dd6c1f369b4e4b2e4457305d673605cc
Author: Sosuke Suzuki <[email protected]>
Date: 2026-06-05 (Fri, 05 Jun 2026)
Changed paths:
M Source/JavaScriptCore/heap/FreeListInlines.h
Log Message:
-----------
[JSC] `FreeList::forEach` interval assert should be bounded by `MarkedBlock::blockSize`
https://bugs.webkit.org/show_bug.cgi?id=316385

Reviewed by Yusuke Suzuki.

FreeList::forEach asserts that a free-list interval is smaller than a
hardcoded 16 KB. The actual invariant is that an interval never spans
more than one MarkedBlock payload, and MarkedBlock::blockSize is
std::max(16 * KB, CeilingOnPageSize), which is 64 KB on platforms where
CeilingOnPageSize is 64 KB (e.g. USE(64KB_PAGE_BLOCK), used by Linux
distributions with 64 KiB pages such as RHEL on ARM64). On such
platforms, sweeping an empty block creates a single interval spanning
the whole payload, so the assertion fires spuriously on the first
MarkedBlock::Handle::stopAllocating in any ASSERT_ENABLED build.

Bound the assertion by MarkedBlock::blockSize instead. On platforms
where blockSize is 16 KB this compiles to the identical check.

* Source/JavaScriptCore/heap/FreeListInlines.h:
(JSC::FreeList::forEach const):
Canonical link: https://commits.webkit.org/314688@main
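The following is an added model of the invariant the commit message describes; it is not WebKit/JSC code and does not reproduce the real FreeList or MarkedBlock types. It sweeps a block of free cells into contiguous "intervals" and runs both the old hardcoded 16 KB bound and the blockSize-derived bound over them, so that the spurious failure on a 64 KiB-page platform and the fix become visible. The cell size, the per-block footer size, the exact comparison operators, and every helper name below are assumptions made for the illustration.

```cpp
// Added model, not WebKit/JSC code. It mirrors only the invariant stated in the
// commit message: a free-list interval never spans more than one MarkedBlock
// payload, whose size derives from MarkedBlock::blockSize =
// std::max(16 * KB, CeilingOnPageSize). Cell size, footer size, comparison
// operators and helper names are assumptions for this illustration.
#include <algorithm>
#include <cstddef>
#include <vector>

namespace model {

constexpr size_t KB = 1024;
constexpr size_t cellSize = 16;    // assumption: atom-sized cells
constexpr size_t footerSize = 64;  // assumption: per-block footer reserved at the end

// MarkedBlock::blockSize as described in the commit message.
constexpr size_t blockSize(size_t ceilingOnPageSize)
{
    return std::max(16 * KB, ceilingOnPageSize);
}

// One run of contiguous free cells, the "interval" form of a free list.
struct Interval {
    size_t offset;   // byte offset of the first free cell in the payload
    size_t distance; // byte length of the run
};

// Sweep a block: coalesce consecutive free cells into intervals.
// live[i] is true when cell i is still allocated and must be skipped.
std::vector<Interval> sweep(const std::vector<bool>& live)
{
    std::vector<Interval> intervals;
    size_t i = 0;
    while (i < live.size()) {
        if (live[i]) { ++i; continue; }
        size_t start = i;
        while (i < live.size() && !live[i])
            ++i;
        intervals.push_back({ start * cellSize, (i - start) * cellSize });
    }
    return intervals;
}

// The interval check as it was (hardcoded 16 KB) and as fixed (bounded by
// blockSize). The operators are assumptions of this model.
bool oldIntervalCheck(const Interval& interval) { return interval.distance < 16 * KB; }
bool newIntervalCheck(const Interval& interval, size_t blockSizeBytes) { return interval.distance <= blockSizeBytes; }

// "forEach" over the intervals; returns false as soon as one interval fails.
template<typename Check>
bool forEachPasses(const std::vector<Interval>& intervals, Check check)
{
    for (const Interval& interval : intervals) {
        if (!check(interval))
            return false;
    }
    return true;
}

// Build an entirely empty block for the given page size and sweep it.
// An empty block yields exactly one interval covering the whole payload.
std::vector<Interval> sweepEmptyBlock(size_t ceilingOnPageSize)
{
    size_t payload = blockSize(ceilingOnPageSize) - footerSize;
    std::vector<bool> live(payload / cellSize, false);
    return sweep(live);
}

// Does the old hardcoded assertion fire on an empty block at this page size?
bool oldAssertFiresOnEmptyBlock(size_t ceilingOnPageSize)
{
    return !forEachPasses(sweepEmptyBlock(ceilingOnPageSize), oldIntervalCheck);
}

// Does the blockSize-bounded assertion hold on an empty block at this page size?
bool newAssertHoldsOnEmptyBlock(size_t ceilingOnPageSize)
{
    size_t bound = blockSize(ceilingOnPageSize);
    return forEachPasses(sweepEmptyBlock(ceilingOnPageSize),
        [bound](const Interval& interval) { return newIntervalCheck(interval, bound); });
}

} // namespace model
```

With a 4 KiB page, blockSize is 16 KB, the single empty-block interval is just under 16 KB and both checks pass; with a 64 KiB page, blockSize is 64 KB, the interval is just under 64 KB, the old check fails and the blockSize-bounded check holds, which is the behaviour the commit message reports.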