RELEASE_ASSERT at ../../Source/JavaScriptCore/heap/MarkedSpace.h:83
author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Sep 2018 20:38:35 +0000 (20:38 +0000)
committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 5 Sep 2018 20:38:35 +0000 (20:38 +0000)
commit f5ec503cd0b60607b6b9fe4b76c3a99d64fd5a42
tree ec3500dcb14ca9b8e28ec324539dbf9a3c50a3d6
parent dd409d667b3607893ada0de0af53d2808d01e9c1
RELEASE_ASSERT at ../../Source/JavaScriptCore/heap/MarkedSpace.h:83
https://bugs.webkit.org/show_bug.cgi?id=188917

Reviewed by Mark Lam.

Our allocators should be able to handle allocating a zero-sized object.
Zero-sized objects will be allocated into the smallest size class.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewTypedArrayWithSize):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::allocatorForSize):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::sizeClassToIndex):
(JSC::MarkedSpace::indexToSizeClass):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitAllocateVariableSized):
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235685 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/heap/MarkedSpace.cpp
Source/JavaScriptCore/heap/MarkedSpace.h
Source/JavaScriptCore/jit/AssemblyHelpers.cpp
Source/JavaScriptCore/runtime/JSArrayBufferView.cpp