Octane/splay can leak memory due to stray pointers on the stack when run from the...
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 8 Oct 2017 01:10:19 +0000 (01:10 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 8 Oct 2017 01:10:19 +0000 (01:10 +0000)
commit 9f7631f679a977ca350473b2cb8593b0b04e4639
tree 2f252237b9d227e1ae9937b3f8ea69a7780a5154
parent 2c9ed76e3e5db067ad49200d81e2f67afc7fcfd6
Octane/splay can leak memory due to stray pointers on the stack when run from the command line
https://bugs.webkit.org/show_bug.cgi?id=178054

Reviewed by Saam Barati.

This throws in a bunch of sanitize calls. It fixes the problem. It's also performance-neutral. In
most cases, calling the sanitize function is O(1), because it doesn't have anything to do if the stack
height stays relatively constant.

* dfg/DFGOperations.cpp:
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
* ftl/FTLOSREntry.cpp:
* heap/Heap.cpp:
(JSC::Heap::runCurrentPhase):
* heap/MarkedAllocatorInlines.h:
(JSC::MarkedAllocator::tryAllocate):
(JSC::MarkedAllocator::allocate):
* heap/Subspace.cpp:
(JSC::Subspace::tryAllocateSlow):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::sanitizeStackInline):
* jit/ThunkGenerators.cpp:
(JSC::slowPathFor):
* runtime/VM.h:
(JSC::VM::addressOfLastStackTop):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@223024 268f45cc-cd09-0410-ab3c-d52691b4dbfc
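The mechanism the message relies on, as an added C model that is not JSC's or WebKit's code: the VM keeps the deepest stack pointer it has recorded, a sanitize step zeroes the dead region between that mark and the current stack pointer (doing nothing when the height is unchanged), and a conservative root scan over the stack then finds no stale object addresses. `Stack`, `sanitizeStack`, `staleObjectRetained` and `DEAD_OBJECT` are names and values of this model only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed model (not JSC's code): a downward-growing stack of words, the
 * VM's "last stack top" marker, a sanitize step and a conservative root scan. */
#define STACK_WORDS 32
#define DEAD_OBJECT ((uintptr_t)0xD0D0D0D0)  /* constructed heap address */
typedef struct {
    uintptr_t words[STACK_WORDS]; /* lower index = deeper in the stack */
    size_t sp;           /* current stack pointer: index of the top word */
    size_t lastStackTop; /* deepest sp recorded so far, like VM::lastStackTop */
} Stack;
static void stackInit(Stack *s) { memset(s, 0, sizeof *s); s->sp = s->lastStackTop = STACK_WORDS; }
/* Push a frame of n words; fill == NULL leaves the slots untouched, modelling
 * locals the callee has not written yet when a GC scan reaches them. */
static void pushFrame(Stack *s, size_t n, const uintptr_t *fill) {
    s->sp -= n;
    if (fill) for (size_t i = 0; i < n; i++) s->words[s->sp + i] = *fill;
}
static void popFrame(Stack *s, size_t n) { s->sp += n; } /* contents stay behind */
/* Sanitize: zero the dead region between the deepest recorded point and the
 * current sp, then record sp. O(1) when the height is unchanged. Returns words zeroed. */
static size_t sanitizeStack(Stack *s) {
    size_t zeroed = 0;
    if (s->lastStackTop < s->sp) {
        zeroed = s->sp - s->lastStackTop;
        memset(&s->words[s->lastStackTop], 0, zeroed * sizeof(uintptr_t));
    }
    s->lastStackTop = s->sp;
    return zeroed;
}
/* Conservative scan from sp to the base: any word equal to a heap address keeps it alive. */
static bool conservativeScanFinds(const Stack *s, uintptr_t addr) {
    for (size_t i = s->sp; i < STACK_WORDS; i++)
        if (s->words[i] == addr) return true;
    return false;
}
/* Scenario: a deep call leaves a pointer to an object that then dies; a later
 * allocation slow path runs the GC, whose own frames sit over that region. */
static bool staleObjectRetained(bool sanitizeBeforeSlowPath) {
    Stack s; stackInit(&s);
    uintptr_t dead = DEAD_OBJECT, live = 0;
    pushFrame(&s, 4, &live);  /* JS frame that stays active */
    pushFrame(&s, 8, &dead);  /* deep call holding the pointer */
    sanitizeStack(&s);        /* a sanitize point in the deep call records the depth */
    popFrame(&s, 8);          /* the object dies; its address stays in dead words */
    if (sanitizeBeforeSlowPath) sanitizeStack(&s);
    pushFrame(&s, 6, NULL);   /* GC's own frames, slots not yet written */
    return conservativeScanFinds(&s, DEAD_OBJECT);  /* true means it leaked */
}
```

In this model, had the deep call not passed a sanitize point, `lastStackTop` would still sit at the base and the later sanitize would have nothing to zero, which is why sanitize calls in more slow paths matter.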
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.cpp
Source/JavaScriptCore/ftl/FTLOSREntry.cpp
Source/JavaScriptCore/heap/Heap.cpp
Source/JavaScriptCore/heap/MarkedAllocatorInlines.h
Source/JavaScriptCore/heap/Subspace.cpp
Source/JavaScriptCore/jit/AssemblyHelpers.cpp
Source/JavaScriptCore/jit/AssemblyHelpers.h
Source/JavaScriptCore/jit/ThunkGenerators.cpp
Source/JavaScriptCore/runtime/VM.h