Title: [122208] trunk/Source/JavaScriptCore
Revision: 122208
Author: [email protected]
Date: 2012-07-10 02:36:13 -0700 (Tue, 10 Jul 2012)

Log Message

REGRESSION(r122166): It made 170 tests crash on 32 bit platforms
https://bugs.webkit.org/show_bug.cgi?id=90852

Patch by Filip Pizlo <[email protected]> on 2012-07-10
Reviewed by Zoltan Herczeg.

If we can't use the range filter, we should still make sure that the
address is remotely sane, otherwise the hashtables will assert.

* jit/JITStubRoutine.h:
(JSC::JITStubRoutine::passesFilter):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (122207 => 122208)


--- trunk/Source/_javascript_Core/ChangeLog	2012-07-10 09:32:21 UTC (rev 122207)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-07-10 09:36:13 UTC (rev 122208)
@@ -1,5 +1,18 @@
 2012-07-10  Filip Pizlo  <[email protected]>
 
+        REGRESSION(r122166): It made 170 tests crash on 32 bit platforms
+        https://bugs.webkit.org/show_bug.cgi?id=90852
+
+        Reviewed by Zoltan Herczeg.
+        
+        If we can't use the range filter, we should still make sure that the
+        address is remotely sane, otherwise the hashtables will assert.
+
+        * jit/JITStubRoutine.h:
+        (JSC::JITStubRoutine::passesFilter):
+
+2012-07-10  Filip Pizlo  <[email protected]>
+
         DFG recompilation heuristics should be based on count, not rate
         https://bugs.webkit.org/show_bug.cgi?id=90146
 
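Review bot: The new ChangeLog entry says the address must be "remotely sane" but does not say which values are rejected or why only 32 bit platforms hit the assertion. Suggest one more sentence naming the two cases the JITStubRoutine.h change excludes (addresses below jitAllocationGranule and the maximum uintptr_t value), so the entry can be understood without opening the diff.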

Modified: trunk/Source/JavaScriptCore/jit/JITStubRoutine.h (122207 => 122208)


--- trunk/Source/_javascript_Core/jit/JITStubRoutine.h	2012-07-10 09:32:21 UTC (rev 122207)
+++ trunk/Source/_javascript_Core/jit/JITStubRoutine.h	2012-07-10 09:36:13 UTC (rev 122208)
@@ -130,8 +130,11 @@
     }
     static bool passesFilter(uintptr_t address)
     {
-        if (!canPerformRangeFilter())
-            return true;
+        if (!canPerformRangeFilter()) {
+            // Just check that the address doesn't use any special values that would make
+            // our hashtables upset.
+            return address >= jitAllocationGranule && address != std::numeric_limits<uintptr_t>::max();
+        }
         
         if (address - filteringStartAddress() >= filteringExtentSize())
             return false;
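Review bot: In the new !canPerformRangeFilter() branch, the comment refers to "special values" without naming them, so a reader cannot tell why the bounds are jitAllocationGranule and std::numeric_limits<uintptr_t>::max(). Suggest stating which hashtable key values each comparison excludes: the lower bound rejects 0 and every address below one granule, the second comparison rejects the all-ones value. No hunk in this patch adds an include of <limits> to JITStubRoutine.h, so it is worth confirming the header already gets std::numeric_limits from an existing include. This path still returns true for every other address, so a passing result here only means the address is safe to use as a lookup key, not that it lies inside JIT-allocated memory as the range check below would establish.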
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
