haikuwebkit/LayoutTests/js/typedarray-zero-size.html

11 lines
258 B
HTML

JSArrayBufferViews of length 0 allocate 0 CopiedSpace bytes, which is invalid
https://bugs.webkit.org/show_bug.cgi?id=123746

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This patch disallows clients from allocating 0 bytes in CopiedSpace. We enforce this invariant with an ASSERT in C++ code and a breakpoint in JIT code. Clients who care about 0-byte allocations (like JSArrayBufferViews) must handle that case themselves, but we don't punish anybody else for the rare case that somebody decides to allocate a 0-length typed array.

It also makes the allocation and copying cases consistent for CopiedSpace: no 0-byte allocations, no 0-byte copying.

Also added a check so that JSArrayBufferViews don't try to copy their m_vector backing store when their length is 0.

Also sprinkled several ASSERTs throughout the JSArrayBufferView code to make sure that when length is 0 m_vector is null.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
* heap/CopiedSpaceInlines.h:
(JSC::CopiedSpace::tryAllocate):
* runtime/ArrayBuffer.h:
(JSC::ArrayBuffer::create):
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::::visitChildren):
(JSC::::copyBackingStore):
(JSC::::slowDownAndWasteMemory):

LayoutTests:

Added a test to make sure that we don't crash when allocating a typed array with 0 length.

* js/script-tests/typedarray-zero-size.js: Added.
(foo):
* js/typedarray-zero-size-expected.txt: Added.
* js/typedarray-zero-size.html: Added.

Canonical link: https://commits.webkit.org/141936@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@158583 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-11-04 19:52:04 +00:00
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<script src="../resources/js-test-pre.js"></script>
</head>
<body>
<script src="script-tests/typedarray-zero-size.js"></script>
<script src="../resources/js-test-post.js"></script>
</body>
</html>
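
The invariant described in the commit message, as a simplified C++ model added here (not WebKit code). `BumpSpace`, `ByteView`, `makeView` and `copyBackingStore` are hypothetical names: the allocator asserts that no caller asks for 0 bytes, and the client keeps a null backing pointer for length 0 so it never reaches the allocator or the copy.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical bump allocator standing in for a copying GC space (not JSC code).
struct BumpSpace {
    std::vector<std::uint8_t> storage;
    std::size_t used = 0;
    explicit BumpSpace(std::size_t capacity) : storage(capacity) {}
    // Invariant from the commit message: nobody asks this space for 0 bytes.
    void* tryAllocate(std::size_t bytes) {
        assert(bytes != 0);
        if (bytes > storage.size() - used) return nullptr;
        void* result = storage.data() + used;
        used += bytes;
        return result;
    }
};

// Hypothetical view: length == 0 if and only if vector == nullptr.
struct ByteView {
    std::uint8_t* vector = nullptr;
    std::size_t length = 0;
};

// The client handles the 0-length case itself and never reaches the allocator.
bool makeView(BumpSpace& space, std::size_t length, ByteView& out) {
    out = ByteView();
    if (!length) return true;
    void* memory = space.tryAllocate(length);
    if (!memory) return false;
    out.vector = static_cast<std::uint8_t*>(memory);
    out.length = length;
    return true;
}

// Moving a backing store during collection: no 0-byte allocation, no 0-byte copy.
bool copyBackingStore(BumpSpace& toSpace, ByteView& view) {
    assert((view.length == 0) == (view.vector == nullptr));
    if (!view.length) return true;
    void* memory = toSpace.tryAllocate(view.length);
    if (!memory) return false;
    std::memcpy(memory, view.vector, view.length);
    view.vector = static_cast<std::uint8_t*>(memory);
    return true;
}

int main() { BumpSpace s(16); ByteView v; return makeView(s, 0, v) && !v.vector ? 0 : 1; }
```
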