Closed Bug 630039 Opened 9 years ago Closed 9 years ago

fixing JSScript size static asserts

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set

Tracking

RESOLVED FIXED

People

(Reporter: igor, Assigned: igor)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file, 1 obsolete file)

Attached patch updated assert (obsolete) — Splinter Review
Currently JSScript uses 8-bit offsets to access optional arrays of objects, regexps etc. But on a 64 bit CPU if all arrays are present then in a debug build the offset for JSConstArray array exceeds 255. This was not detected previously since the static assert that was supposed to check that was not updated to include the new arrays that were added to JSScript.

The attached patch fixes the assert and with it SM no longer builds.
The bug in its initial form is invalid since the code nowadays uses (this + 1) + offset to get into the array. Thus the size of the script does not matter, we just need to update the static assert to check that the sum of all array sizes is less than JSScript::INVALID_OFFSET.
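The offset rule the comment describes, as an added C++ example (not the patch and not SpiderMonkey's code): the array structs, their sizes, the flag bits and the `layoutOffsets` helper are constructed assumptions standing in for JSScript's real layout.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed stand-ins for JSScript's optional trailing arrays; they are
// NOT SpiderMonkey's real definitions. Each array header is laid out after
// the script object and reached as (this + 1) + offset.
struct ObjectArray  { uint32_t length; void **vector; };
struct UpvarArray   { uint32_t length; uint32_t *vector; };
struct RegExpArray  { uint32_t length; void **vector; };
struct TryNoteArray { uint32_t length; void *vector; };
struct ConstArray   { uint32_t length; void *vector; };

static const uint8_t INVALID_OFFSET = 0xFF;   // "array not present" sentinel

// The corrected compile-time check: the sum of ALL optional array sizes must
// stay below INVALID_OFFSET, since every offset is stored in a uint8_t.
static_assert(sizeof(ObjectArray) + sizeof(UpvarArray) + sizeof(RegExpArray) +
              sizeof(TryNoteArray) + sizeof(ConstArray) < INVALID_OFFSET,
              "optional array offsets do not fit in 8 bits");

enum { NUM_ARRAYS = 5 };
struct Offsets { uint8_t off[NUM_ARRAYS]; };   // one uint8_t offset per array

// Runtime analogue of the same rule: lay the present arrays (bitmask `flags`,
// bit i = array i) out in order and record each offset. Returns false when an
// offset would reach the sentinel or wrap past 255, i.e. the case a stale
// assert misses once new arrays are added. `sizes` is a parameter so the
// overflow case can be shown with constructed sizes.
bool layoutOffsets(unsigned flags, const size_t sizes[NUM_ARRAYS], Offsets *out) {
    size_t cursor = 0;
    for (int i = 0; i < NUM_ARRAYS; i++) {
        if (!(flags & (1u << i))) { out->off[i] = INVALID_OFFSET; continue; }
        if (cursor >= INVALID_OFFSET) return false;   // uint8_t would truncate
        out->off[i] = (uint8_t)cursor;
        cursor += sizes[i];
    }
    return true;
}

int main() {
    const size_t sizes[NUM_ARRAYS] = {sizeof(ObjectArray), sizeof(UpvarArray),
        sizeof(RegExpArray), sizeof(TryNoteArray), sizeof(ConstArray)};
    Offsets o;
    bool ok = layoutOffsets(0x1F, sizes, &o);   // all five arrays present
    printf("all arrays: %s, const array offset %u\n", ok ? "fit" : "overflow", o.off[4]);
    return ok ? 0 : 1;
}
```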
Summary: JSScript should be trimmed or use 16 bit offsets for optional arrays → fixing JSScript size static asserts
Attached patch updated assert — Splinter Review
Assignee: general → igor
Attachment #508254 - Attachment is obsolete: true
Attachment #508258 - Flags: review?
Attachment #508258 - Flags: review? → review?(dmandelin)
Attachment #508258 - Flags: review?(dmandelin) → review+
http://hg.mozilla.org/tracemonkey/rev/df86b2068da5
Whiteboard: fixed-in-tracemonkey
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED