Closed
Bug 630039
Opened 13 years ago
Closed 13 years ago
fixing JSScript size static asserts
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
FIXED
People
(Reporter: igor, Assigned: igor)
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file, 1 obsolete file)
1.74 KB, patch | dmandelin: review+
Currently JSScript uses 8-bit offsets to access optional arrays of objects, regexps, etc. But on a 64-bit CPU, if all arrays are present, then in a debug build the offset for JSConstArray array exceeds 255. This was not detected previously since the static assert that was supposed to check that was not updated to include the new arrays that were added to JSScript. The attached patch fixes the assert and with it SM no longer builds.
Comment 1 • 13 years ago (Assignee)
The bug in its initial form is invalid since the code nowadays uses (this + 1) + offset to get into the array. Thus the size of the script does not matter, we just need to update the static assert to check that the sum of all array sizes is less than JSScript::INVALID_OFFSET.
Summary: JSScript should be trimmed or use 16 bit offsets for optional arrays → fixing JSScript size static asserts
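A simplified C++ model of the check Comment 1 describes, added here as an illustration; it is not the attached patch or SpiderMonkey's code. The struct and field names are hypothetical (only `INVALID_OFFSET` and the `(this + 1) + offset` addressing come from the bug), and four arrays stand in for whatever set the engine had.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>

// Hypothetical stand-ins for the optional array headers that follow a script.
struct ObjectArray { void **vector; uint32_t length; };
struct UpvarArray  { uint32_t *vector; uint32_t length; };
struct RegexpArray { void **vector; uint32_t length; };
struct ConstArray  { double *vector; uint32_t length; };

struct Script {
    static constexpr uint8_t INVALID_OFFSET = 0xFF;  // sentinel: array absent
    uint8_t *code;                                   // keeps (this + 1) pointer-aligned
    uint8_t objectsOffset, upvarsOffset, regexpsOffset, constOffset;

    // Offsets are relative to (this + 1), so sizeof(Script) is irrelevant.
    uint8_t *data() { return reinterpret_cast<uint8_t *>(this + 1); }
    ConstArray *consts() {
        return constOffset == INVALID_OFFSET
                   ? nullptr
                   : reinterpret_cast<ConstArray *>(data() + constOffset);
    }
};

// Worst case: every optional header present. Each array added to Script later
// must also be added to this sum, or the check silently stops covering it.
constexpr size_t ALL_HEADERS = sizeof(ObjectArray) + sizeof(UpvarArray) +
                               sizeof(RegexpArray) + sizeof(ConstArray);
static_assert(ALL_HEADERS < Script::INVALID_OFFSET,
              "optional array headers do not fit in 8-bit offsets");

// Allocate a zeroed script with room for all headers, then assign offsets
// only for the arrays that are present. Caller frees with std::free().
Script *newScript(bool objects, bool upvars, bool regexps, bool consts) {
    auto *s = static_cast<Script *>(std::calloc(1, sizeof(Script) + ALL_HEADERS));
    if (!s) return nullptr;
    size_t cursor = 0;
    auto place = [&cursor](bool present, size_t size) -> uint8_t {
        if (!present) return Script::INVALID_OFFSET;
        uint8_t off = static_cast<uint8_t>(cursor);  // cannot truncate: see static_assert
        cursor += size;
        return off;
    };
    s->objectsOffset = place(objects, sizeof(ObjectArray));
    s->upvarsOffset  = place(upvars,  sizeof(UpvarArray));
    s->regexpsOffset = place(regexps, sizeof(RegexpArray));
    s->constOffset   = place(consts,  sizeof(ConstArray));
    return s;
}
```

Without the compile-time check, a header sum of 255 or more would truncate in the `uint8_t` cast or collide with the sentinel, and the accessor would return a pointer to the wrong header or report a present array as absent.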
Comment 2 • 13 years ago (Assignee)
Assignee: general → igor
Attachment #508254 - Attachment is obsolete: true
Attachment #508258 - Flags: review?
Updated • 13 years ago (Assignee)
Attachment #508258 - Flags: review? → review?(dmandelin)
Updated • 13 years ago
Attachment #508258 - Flags: review?(dmandelin) → review+
Comment 3 • 13 years ago (Assignee)
http://hg.mozilla.org/tracemonkey/rev/df86b2068da5
Whiteboard: fixed-in-tracemonkey
Comment 4 • 13 years ago
cdleary-bot mozilla-central merge info: http://hg.mozilla.org/mozilla-central/rev/df86b2068da5
Updated • 13 years ago
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED