Changeset 73321 in webkit for trunk/JavaScriptCore/jit/ExecutableAllocator.h

Timestamp:

Dec 3, 2010, 6:05:56 PM (15 years ago)

Author:

[email protected]

Message:

2010-12-03 Oliver Hunt <​[email protected]>

Reviewed by Geoff Garen.

Incorrect logic for returning memory at the end of linking.
Reviewed by Geoff Garen.

At the end of linking we return any space at the end of the
allocated executable region that was saved due to branch
compaction. This is currently by done by subtracting the
different from the m_freePtr in the allocation pool. This
can be incorrect if your allocation was made from a new
page that was not selected for subsequent allocations.

This patch corrects this behaviour by verifying that the
memory being returned actually comes from the current
allocation pool.

• assembler/LinkBuffer.h: (JSC::LinkBuffer::linkCode):
• jit/ExecutableAllocator.h: (JSC::ExecutablePool::tryShrink):

File:

• trunk/JavaScriptCore/jit/ExecutableAllocator.h (modified) (1 diff)

trunk/JavaScriptCore/jit/ExecutableAllocator.h

@@ -138 +138 @@
     }
     
-    void returnLastBytes(size_t count)
-    {
-        m_freePtr -= count;
+    void tryShrink(void* allocation, size_t oldSize, size_t newSize)
+    {
+        if (static_cast<char*>(allocation) + oldSize != m_freePtr)
+            return;
+        m_freePtr = static_cast<char*>(allocation) + roundUpAllocationSize(newSize, sizeof(void*));
     }