Closed
Bug 659989
Opened 13 years ago
Closed 13 years ago
Policy overflow with mmgc-demo
Categories
(Tamarin Graveyard :: Garbage Collection (mmGC), defect)
Tamarin Graveyard
Garbage Collection (mmGC)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: treilly, Unassigned)
Details
Attachments
(1 file, 1 obsolete file)
|
1.40 KB,
patch
|
pnkfelix
:
review+
lhansen
:
superreview+
|
Details | Diff | Splinter Review |
Encountered this in my convoluted demo code: hg.mozilla.org/users/treilly_adobe.com/mmgc-demo spot fix patch attached
|
Reporter | |
Updated•13 years ago
|
Attachment #535369 -
Attachment is patch: true
|
|
Reporter | |
Comment 1•13 years ago
|
||
The failure here is this (maybe new?) assert:
GCAssert(minorAllocationBudget > 0);
|
||
Comment 2•13 years ago
|
||
(I want to look further into this to understand what scenarios we would end up with such an enormous value for A(). But I'm fine with the patch Tom attached, in part because I was peeking over his shoulder when he wrote it.)
|
|
Reporter | |
Updated•13 years ago
|
Attachment #535369 -
Flags: superreview?(lhansen)
Attachment #535369 -
Flags: review?(fklockii)
|
|
||
Comment 3•13 years ago
|
||
(In reply to comment #2) > (I want to look further into this to understand what scenarios we would end > up with such an enormous value for A(). But I'm fine with the patch Tom > attached, in part because I was peeking over his shoulder when he wrote it.) On further reflection, I'm not sure we want to do it this way: Do we know that INT_MAX is always 32-bit and not a int64_t? (Because if it were the max int64_t, then we could fall back into the same problem of making a negative minorAllocationBudget in the int32_t cast.)
|
|
||
Comment 4•13 years ago
|
||
Comment on attachment 535369 [details] [diff] [review] check for int overflow R- until I'm convinced that INT_MAX is reliably the 32-bit maximum and not the 64-bit one.
Attachment #535369 -
Flags: review?(fklockii) → review-
|
|
||
Comment 5•13 years ago
|
||
After reading over http://en.wikipedia.org/wiki/Limits.h I'm willing to believe that INT_MAX could be reliable, even though the standard does not dictate that it must be so. I think I would be satisfied if the patch were extended with: STATIC_ASSERT(INT_MAX == int64_t(int32_t(INT_MAX)));
|
||
Comment 6•13 years ago
|
||
(In reply to comment #4) > R- until I'm convinced that INT_MAX is reliably the 32-bit maximum and not > the 64-bit one. It's not like the maximum for a 32-bit signed integer is gonna vary... s/INT_MAX/0x7fffffff/
|
||
Comment 7•13 years ago
|
||
Comment on attachment 535369 [details] [diff] [review] check for int overflow Canceling SR until Felix is happy.
Attachment #535369 -
Flags: superreview?(lhansen)
|
|
Reporter | |
Comment 8•13 years ago
|
||
Attachment #535369 -
Attachment is obsolete: true
Attachment #538892 -
Flags: superreview?(lhansen)
Attachment #538892 -
Flags: review?(fklockii)
|
|
||
Comment 9•13 years ago
|
||
Comment on attachment 538892 [details] [diff] [review] With safety belt count me satisfied!
Attachment #538892 -
Flags: review?(fklockii) → review+
|
|
||
Updated•13 years ago
|
Attachment #538892 -
Flags: superreview?(lhansen) → superreview+
|
|
Reporter | |
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Comment 10•13 years ago
|
||
changeset: 6428:f73c7c31ab1b user: Tommy Reilly <treilly@adobe.com> summary: Bug 659989 - Fix policy overflow on double to int conversion, clamp to MAX_INT (r=fklockii,sr=lhansen) http://hg.mozilla.org/tamarin-redux/rev/f73c7c31ab1b
You need to log in
before you can comment on or make changes to this bug.
Description
•