Title: [286387] trunk/Source/JavaScriptCore
Revision: 286387
Author: keith_mil...@apple.com
Date: 2021-12-01 14:24:43 -0800 (Wed, 01 Dec 2021)

Log Message

Add static_assert the value we use to initialize a StructureID buffer should be 0.
https://bugs.webkit.org/show_bug.cgi?id=233720

Reviewed by Yusuke Suzuki.

Also, add static assert that the zero we are putting into the buffer
matches the default StructureID constructor.

* runtime/StructureChain.cpp:
(JSC::StructureChain::create):
* runtime/StructureID.h:
(JSC::StructureID::bits const):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (286386 => 286387)


--- trunk/Source/_javascript_Core/ChangeLog	2021-12-01 22:02:06 UTC (rev 286386)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-12-01 22:24:43 UTC (rev 286387)
@@ -1,3 +1,18 @@
+2021-12-01  Keith Miller  <keith_mil...@apple.com>
+
+        Add static_assert the value we use to initialize a StructureID buffer should be 0.
+        https://bugs.webkit.org/show_bug.cgi?id=233720
+
+        Reviewed by Yusuke Suzuki.
+
+        Also, add static assert that the zero we are putting into the buffer
+        matches the default StructureID constructor.
+
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::create):
+        * runtime/StructureID.h:
+        (JSC::StructureID::bits const):
+
 2021-12-01  Yusuke Suzuki  <ysuz...@apple.com>
 
         Unreviewed, use void* to suppress GCC warning
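Review bot: The per-file entries at the end of the new ChangeLog block are left empty, so the log does not record that `StructureID::bits()` becomes `constexpr` or what was added to `StructureChain::create`. The headline and the "Also, add static assert..." paragraph also read as two separate assertions, while the patch adds a single `static_assert`. A short description after each `(JSC::...)` line, for example "Make bits() constexpr so it can be used in a static_assert", would make the entry match the change.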

Modified: trunk/Source/JavaScriptCore/runtime/StructureChain.cpp (286386 => 286387)


--- trunk/Source/_javascript_Core/runtime/StructureChain.cpp	2021-12-01 22:02:06 UTC (rev 286386)
+++ trunk/Source/_javascript_Core/runtime/StructureChain.cpp	2021-12-01 22:24:43 UTC (rev 286387)
@@ -49,6 +49,7 @@
     ++size; // Sentinel nullptr.
     size_t bytes = Checked<size_t>(size) * sizeof(StructureID);
     void* vector = vm.jsValueGigacageAuxiliarySpace().allocateNonVirtual(vm, bytes, nullptr, AllocationFailureMode::Assert);
+    static_assert(!StructureID().bits(), "Make sure the value we're going to memcpy below matches the default StructureID");
     memset(vector, 0, bytes);
     StructureChain* chain = new (NotNull, allocateCell<StructureChain>(vm)) StructureChain(vm, vm.structureChainStructure.get(), static_cast<StructureID*>(vector));
     chain->finishCreation(vm, head);
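Review bot: The message on the new `static_assert` says "memcpy below", but the call it guards is `memset(vector, 0, bytes)`; the string should say memset. The assert also only checks `bits()`, while `memset` zeroes `sizeof(StructureID)` bytes per entry, so a companion `static_assert(sizeof(StructureID) == sizeof(uint32_t))` would tie the check to the whole object representation rather than to the one accessor.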

Modified: trunk/Source/JavaScriptCore/runtime/StructureID.h (286386 => 286387)


--- trunk/Source/_javascript_Core/runtime/StructureID.h	2021-12-01 22:02:06 UTC (rev 286386)
+++ trunk/Source/_javascript_Core/runtime/StructureID.h	2021-12-01 22:24:43 UTC (rev 286387)
@@ -52,7 +52,7 @@
     explicit operator bool() const { return !!m_bits; }
     bool operator==(StructureID const& other) const  { return m_bits == other.m_bits; }
     bool operator!=(StructureID const& other) const  { return m_bits != other.m_bits; }
-    uint32_t bits() const { return m_bits; }
+    constexpr uint32_t bits() const { return m_bits; }
 
     StructureID(WTF::HashTableDeletedValueType) : m_bits(nukedStructureIDBit) { }
     bool isHashTableDeletedValue() const { return *this == StructureID(WTF::HashTableDeletedValue); }
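Review bot: Only `bits()` gains `constexpr` in this hunk; the neighbouring `operator bool`, `operator==` and `operator!=` read the same `m_bits` and stay non-constexpr, as does the `StructureID(WTF::HashTableDeletedValueType)` constructor. Marking those `constexpr` as well would keep the accessors consistent and allow compile-time checks such as `static_assert(!StructureID())` without going through the raw bits. The `static_assert` in StructureChain.cpp also depends on the default constructor being usable in a constant expression, which this hunk does not show, so that is worth confirming.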