Commit 62292722 authored by mhahnenberg@apple.com's avatar mhahnenberg@apple.com

CodeCache::m_capacity can becoming negative, producing undefined results in pruneSlowCase

https://bugs.webkit.org/show_bug.cgi?id=113453

Reviewed by Geoffrey Garen.

* runtime/CodeCache.cpp:
(JSC::CodeCacheMap::pruneSlowCase): We make sure that m_minCapacity doesn't drop below zero now.
This prevents m_capacity from doing the same.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@147017 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 7d2e626c
2013-03-27 Mark Hahnenberg <mhahnenberg@apple.com>
CodeCache::m_capacity can becoming negative, producing undefined results in pruneSlowCase
https://bugs.webkit.org/show_bug.cgi?id=113453
Reviewed by Geoffrey Garen.
* runtime/CodeCache.cpp:
(JSC::CodeCacheMap::pruneSlowCase): We make sure that m_minCapacity doesn't drop below zero now.
This prevents m_capacity from doing the same.
2013-03-27 Filip Pizlo <fpizlo@apple.com>
DFG should use CheckStructure for typed array checks whenever possible
......
......@@ -40,7 +40,7 @@ const double CodeCacheMap::workingSetTime = 10.0;
void CodeCacheMap::pruneSlowCase()
{
m_minCapacity = m_size - m_sizeAtLastPrune;
m_minCapacity = std::max(m_size - m_sizeAtLastPrune, 0LL);
m_sizeAtLastPrune = m_size;
m_timeAtLastPrune = monotonicallyIncreasingTime();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment