Commit 35490124 authored by barraclough@apple.com's avatar barraclough@apple.com

Change to keep returned pointer from malloc family functions to

quiet memory leak detect.  The pointer is saved in the new m_allocBase
member of the ArrayStorage structure.  This fixes the issue found in 
https://bugs.webkit.org/show_bug.cgi?id=43229.

Patch by Michael Saboff <msaboff@apple.com> on 2010-08-03
Reviewed by Gavin Barraclough.

As part of this change, we use m_allocBase when reallocating and
freeing the memory associated with ArrayStorage.

* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
(JSC::JSArray::~JSArray):
(JSC::JSArray::putSlowCase):
(JSC::JSArray::increaseVectorLength):
(JSC::JSArray::increaseVectorPrefixLength):
* runtime/JSArray.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64588 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 1e26ba56
2010-08-03 Michael Saboff <msaboff@apple.com>
Reviewed by Gavin Barraclough.
Change to keep returned pointer from malloc family functions to
quiet memory leak detect. The pointer is saved in the new m_allocBase
member of the ArrayStorage structure. This fixes the issue found in
https://bugs.webkit.org/show_bug.cgi?id=43229.
As part of this change, we use m_allocBase when reallocating and
freeing the memory associated with ArrayStorage.
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
(JSC::JSArray::~JSArray):
(JSC::JSArray::putSlowCase):
(JSC::JSArray::increaseVectorLength):
(JSC::JSArray::increaseVectorPrefixLength):
* runtime/JSArray.h:
2010-08-03 Geoffrey Garen <ggaren@apple.com>
Try to fix Windows build: Don't use GCActivityCallbackCF on Windows, since
......
......@@ -2293,7 +2293,14 @@
isa = PBXProject;
buildConfigurationList = 149C277108902AFE008A9EFC /* Build configuration list for PBXProject "JavaScriptCore" */;
compatibilityVersion = "Xcode 2.4";
developmentRegion = English;
hasScannedForEncodings = 1;
knownRegions = (
English,
Japanese,
French,
German,
);
mainGroup = 0867D691FE84028FC02AAC07 /* JavaScriptCore */;
productRefGroup = 034768DFFF38A50411DB9C8B /* Products */;
projectDirPath = "";
......
......@@ -132,11 +132,14 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure)
unsigned initialCapacity = 0;
ArrayStorage* storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
storage->m_allocBase = storage;
m_indexBias = 0;
setArrayStorage(storage);
m_vectorLength = initialCapacity;
checkConsistency();
Heap::heap(this)->reportExtraMemoryCost(storageSize(0));
}
JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength, ArrayCreationMode creationMode)
......@@ -149,6 +152,7 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength,
initialCapacity = min(BASE_VECTOR_LEN, MIN_SPARSE_ARRAY_INDEX);
ArrayStorage* storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
storage->m_allocBase = storage;
storage->m_length = initialLength;
m_indexBias = 0;
m_vectorLength = initialCapacity;
......@@ -176,7 +180,7 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, unsigned initialLength,
checkConsistency();
Heap::heap(this)->reportExtraMemoryCost(initialCapacity * sizeof(JSValue));
Heap::heap(this)->reportExtraMemoryCost(storageSize(initialCapacity));
}
JSArray::JSArray(NonNullPassRefPtr<Structure> structure, const ArgList& list)
......@@ -185,6 +189,7 @@ JSArray::JSArray(NonNullPassRefPtr<Structure> structure, const ArgList& list)
unsigned initialCapacity = list.size();
ArrayStorage* storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
storage->m_allocBase = storage;
m_indexBias = 0;
storage->m_length = initialCapacity;
m_vectorLength = initialCapacity;
......@@ -215,8 +220,7 @@ JSArray::~JSArray()
ArrayStorage* storage = arrayStorage();
delete storage->m_sparseValueMap;
char* realStorage = reinterpret_cast<char*>(storage) - (m_indexBias * sizeof(JSValue));
fastFree(realStorage);
fastFree(storage->m_allocBase);
}
bool JSArray::getOwnPropertySlot(ExecState* exec, unsigned i, PropertySlot& slot)
......@@ -416,15 +420,15 @@ NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue valu
}
}
int baseBias = m_indexBias * sizeof(JSValue);
char* baseStorage = reinterpret_cast<char*>(storage - baseBias);
void* baseStorage = storage->m_allocBase;
if (!tryFastRealloc(baseStorage, storageSize(newVectorLength + m_indexBias)).getValue(baseStorage)) {
throwOutOfMemoryError(exec);
return;
}
storage = reinterpret_cast<ArrayStorage*>(baseStorage + baseBias);
storage = reinterpret_cast<ArrayStorage*>(static_cast<char*>(baseStorage) + m_indexBias * sizeof(JSValue));
storage->m_allocBase = baseStorage;
setArrayStorage(storage);
unsigned vectorLength = m_vectorLength;
......@@ -567,13 +571,13 @@ bool JSArray::increaseVectorLength(unsigned newLength)
ASSERT(newLength > vectorLength);
ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
unsigned newVectorLength = getNewVectorLength(newLength);
int baseBias = m_indexBias * sizeof(JSValue);
char* baseStorage = reinterpret_cast<char*>(storage) - baseBias;
void* baseStorage = storage->m_allocBase;
if (!tryFastRealloc(baseStorage, storageSize(newVectorLength + m_indexBias)).getValue(baseStorage))
return false;
storage = reinterpret_cast<ArrayStorage*>(baseStorage + baseBias);
storage = reinterpret_cast<ArrayStorage*>(static_cast<char*>(baseStorage) + m_indexBias * sizeof(JSValue));
storage->m_allocBase = baseStorage;
setArrayStorage(storage);
JSValue* vector = m_vector;
......@@ -599,23 +603,22 @@ bool JSArray::increaseVectorPrefixLength(unsigned newLength)
ASSERT(newLength > vectorLength);
ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
unsigned newVectorLength = getNewVectorLength(newLength);
char* baseStorage = reinterpret_cast<char*>(storage) - (m_indexBias * sizeof(JSValue));
char* newBaseStorage = reinterpret_cast<char*>(fastMalloc(storageSize(newVectorLength + m_indexBias)));
void* newBaseStorage = fastMalloc(storageSize(newVectorLength + m_indexBias));
if (!newBaseStorage)
return false;
m_indexBias += newVectorLength - newLength;
int newStorageOffset = m_indexBias * sizeof(JSValue);
newStorage = reinterpret_cast<ArrayStorage*>(newBaseStorage + newStorageOffset);
newStorage = reinterpret_cast<ArrayStorage*>(static_cast<char*>(newBaseStorage) + m_indexBias * sizeof(JSValue));
memcpy(newStorage, storage, storageSize(0));
memcpy(&newStorage->m_vector[newLength - m_vectorLength], &storage->m_vector[0], storage->m_length * sizeof(JSValue));
newStorage->m_allocBase = newBaseStorage;
m_vectorLength = newLength;
fastFree(baseStorage);
fastFree(storage->m_allocBase);
setArrayStorage(newStorage);
......
......@@ -39,6 +39,7 @@ namespace JSC {
unsigned m_numValuesInVector;
SparseArrayValueMap* m_sparseValueMap;
void* subclassData; // A JSArray subclass can use this to fill the vector lazily.
void* m_allocBase; // Pointer to base address returned by malloc(). Keeping this pointer does eliminate false positives from the leak detector.
size_t reportedMapCapacity;
#if CHECK_ARRAY_CONSISTENCY
bool m_inCompactInitialization;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment