HashMap<Ref<P>, V> asserts when V is not zero for its empty value
author sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 Aug 2018 04:08:08 +0000 (04:08 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 Aug 2018 04:08:08 +0000 (04:08 +0000)
commit 7f74962a32acac3a1e7214626334f02d07472324
tree a645e506aaf16898ebbec842eeaffbeb38ddfe1d
parent dcb6f0e0e209d9a92651fde23a7f3417108eb137
HashMap<Ref<P>, V> asserts when V is not zero for its empty value
https://bugs.webkit.org/show_bug.cgi?id=188582

Reviewed by Sam Weinig.

Source/JavaScriptCore:

* runtime/SparseArrayValueMap.h:

Source/WTF:

The issue happened when we'd fill the hash table buffer with empty values. We
would iterate the buffer and invoke placement new with the incoming value being the
empty value. For Ref, this means that we'd call its move constructor, which calls
leakRef(), which asserts that the Ref's pointer is not null. We'd like to keep
this assert since it catches bugs where you leakRef() more than once or WTFMove
an already moved Ref.

This patch fixes this issue by adding a new trait for constructing an empty
value. We use that in HashTable instead of directly calling placement new.

* wtf/HashTable.h:
(WTF::HashTableBucketInitializer<false>::initialize):
* wtf/HashTraits.h:
(WTF::GenericHashTraits::constructEmptyValue):
(WTF::HashTraits<Ref<P>>::constructEmptyValue):
(WTF::KeyValuePairHashTraits::constructEmptyValue):

Tools:

* TestWebKitAPI/Tests/WTF/HashMap.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234879 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/SparseArrayValueMap.h
Source/WTF/ChangeLog
Source/WTF/wtf/HashTable.h
Source/WTF/wtf/HashTraits.h
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WTF/HashMap.cpp
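
The failure and the fix described in the commit message above, reduced to a stand-alone C++ sketch. This is an added example, not WebKit's code: `MiniRef`, `Traits`, `EmptyTag`, `fillBuckets` and the trip counter (which stands in for the assert in leakRef()) are hypothetical names.

```cpp
#include <cstddef>
#include <new>
#include <utility>

// Hypothetical stand-ins, not WTF's classes; the counter replaces the assert in leakRef().
static int g_nullLeaks = 0;
struct EmptyTag {};

template<typename T> class MiniRef {
public:
    explicit MiniRef(T& object) : m_ptr(&object) {}
    explicit MiniRef(EmptyTag) : m_ptr(nullptr) {}        // empty-bucket marker
    MiniRef(MiniRef&& other) : m_ptr(other.leakRef()) {}  // moving goes through leakRef()
    T* leakRef() {
        if (!m_ptr) ++g_nullLeaks;                        // the non-null check
        return std::exchange(m_ptr, nullptr);
    }
private:
    T* m_ptr;
};

// Generic trait: moving an empty value into the bucket is harmless for plain types.
template<typename V> struct Traits {
    static V emptyValue() { return V(); }
    static void constructEmptyValue(V& slot) { new (&slot) V(emptyValue()); }
};
// Ref-like specialization: build the empty marker in place, with no move.
template<typename T> struct Traits<MiniRef<T>> {
    static MiniRef<T> emptyValue() { return MiniRef<T>(EmptyTag{}); }
    static void constructEmptyValue(MiniRef<T>& slot) { new (&slot) MiniRef<T>(EmptyTag{}); }
};

// Fills n raw buckets with empty values; returns how often the check tripped.
template<typename V> int fillBuckets(std::size_t n, bool useTrait) {
    g_nullLeaks = 0;
    V* table = static_cast<V*>(::operator new(n * sizeof(V)));
    for (std::size_t i = 0; i < n; ++i) {
        if (useTrait) { Traits<V>::constructEmptyValue(table[i]); continue; }
        V empty = Traits<V>::emptyValue();
        new (&table[i]) V(std::move(empty));  // pre-fix shape: move the empty value in
    }
    for (std::size_t i = 0; i < n; ++i) table[i].~V();
    ::operator delete(table);
    return g_nullLeaks;
}

struct Node { int id = 0; };
int tripsWithMove(std::size_t n) { return fillBuckets<MiniRef<Node>>(n, false); }
int tripsWithTrait(std::size_t n) { return fillBuckets<MiniRef<Node>>(n, true); }
int main() { return (tripsWithMove(8) == 8 && tripsWithTrait(8) == 0) ? 0 : 1; }
```

The moved-in path trips the check once per bucket, while the trait path never touches leakRef(), so the check stays in place for real double-move bugs.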