Closed
Bug 717762
Opened 14 years ago
Closed 14 years ago
Proliferate js_memcpy and PodCopy
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla12
People
(Reporter: cdleary, Assigned: cdleary)
References
Details
Attachments
(1 file, 1 obsolete file)
|
40.93 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
I think it'd be nice to have a js_memcpy(dst, src, len) that asserts that src does not fall in the range [dst, dst + len) and use it throughout the engine.
This passes locally, pushing to try.
Attachment #588188 -
Flags: review?(luke)
|
||
Comment 1•14 years ago
|
||
Comment on attachment 588188 [details] [diff] [review]
Make js_memcpy and use it in a bunch of places.
>+static JS_ALWAYS_INLINE void *
>+js_memcpy(void *dst, const void *src, size_t len)
>+{
>+ /* Check that src is not in [dst, dst + len). */
>+ JS_ASSERT(!(dst <= src && src < (char *) dst + len));
>+ return memcpy(dst, src, len);
>+}
I think non-overlapping-ness wants an even stronger assert, say, like the one in PodCopy:
>@@ -316,17 +324,17 @@ PodCopy(T *dst, const T *src, size_t nel
> /* Cannot find portable word-sized abs(). */
> JS_ASSERT_IF(dst >= src, size_t(dst - src) >= nelem);
> JS_ASSERT_IF(src >= dst, size_t(src - dst) >= nelem);
Second, it looks like a lot (but not all) of these memcpy uses could be PodCopy instead (avoiding the sizeof(T) computation). Could you switch them since you are touching all these lines anyway?
|
Assignee | |
Comment 2•14 years ago
|
||
Now with PodAssign and a bunch of PodCopy's!
Attachment #588188 -
Attachment is obsolete: true
Attachment #588188 -
Flags: review?(luke)
Attachment #588229 -
Flags: review?(luke)
|
|
||
Comment 3•14 years ago
|
||
Comment on attachment 588229 [details] [diff] [review]
Make js_memcpy and use it in a bunch of places.
r+ with more PodCopy/PodAssign in TradeGuts and JSScript::NewScriptFromEmitter (if possible) and with verification that the generated asm isn't any worse.
Attachment #588229 -
Flags: review?(luke) → review+
|
|
Assignee | |
Comment 4•14 years ago
|
||
Target Milestone: --- → mozilla12
|
|
Assignee | |
Updated•14 years ago
|
Summary: Make js_memcpy for bounds checking → Proliferate js_memcpy and PodCopy
|
|
Assignee | |
Comment 5•14 years ago
|
||
Target Milestone: mozilla12 → ---
|
|
Assignee | |
Comment 6•14 years ago
|
||
Target Milestone: --- → mozilla12
|
||
Comment 7•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•