JSRopeString should use release asserts, not debug asserts, about substring bounds
author: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 28 Jun 2016 21:03:15 +0000 (21:03 +0000)
committer: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 28 Jun 2016 21:03:15 +0000 (21:03 +0000)
https://bugs.webkit.org/show_bug.cgi?id=159227

Reviewed by Saam Barati.

According to my experiments this change costs nothing.  That's not surprising since the
most common way to construct a rope these days is inlined into the JIT, which does its own
safety checks.  This makes us crash sooner rather than corrupting memory.

* runtime/JSString.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202585 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSString.h
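The two checks the patch promotes to release asserts only work in the order they appear: `offset + length` is an unsigned addition, so a pair that wraps past 2^32 can satisfy `offset + length <= base->length()` on its own. The stand-alone C++ below is an added example written for this page, not WebKit code: `EXAMPLE_RELEASE_ASSERT`, the `sumOverflows` replica, `SubstringView`, `checkSubstringBounds` and `naiveBoundsCheckPasses` are all hypothetical names chosen here, and the 16-byte base string is a constructed sample. It shows a wrapping `(offset, length)` pair passing the naive bound check and being rejected by the ordered checks, and why an `assert()` that vanishes under `NDEBUG` would have let it through.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>

// Stand-in for WTF's RELEASE_ASSERT (assumption: same shape, always compiled in).
// A plain assert() is removed when NDEBUG is defined, which is what the commit
// fixes: in a release build the old ASSERTs checked nothing at all.
#define EXAMPLE_RELEASE_ASSERT(cond)                                        \
    do {                                                                    \
        if (!(cond)) {                                                      \
            std::fprintf(stderr, "RELEASE_ASSERT failed: %s (%s:%d)\n",     \
                         #cond, __FILE__, __LINE__);                        \
            std::abort();                                                   \
        }                                                                   \
    } while (0)

// Replica of the contract of WTF::sumOverflows<T>(a, b): true if a + b does
// not fit in T. Computed in 64 bits so the addition itself cannot wrap.
template<typename T>
bool sumOverflows(unsigned a, unsigned b)
{
    uint64_t sum = static_cast<uint64_t>(a) + static_cast<uint64_t>(b);
    return sum > static_cast<uint64_t>(std::numeric_limits<T>::max());
}

enum class BoundsResult { Ok, SumOverflows, OutOfRange };

// The two checks from the patch, in the patch's order, returning a result
// instead of aborting so each case can be inspected. The order matters:
// the overflow check must run before the unsigned addition is trusted.
BoundsResult checkSubstringBounds(unsigned baseLength, unsigned offset, unsigned length)
{
    if (sumOverflows<int32_t>(offset, length))
        return BoundsResult::SumOverflows;
    if (offset + length > baseLength)
        return BoundsResult::OutOfRange;
    return BoundsResult::Ok;
}

// The second check on its own, kept deliberately naive to show why it is
// insufficient: offset + length wraps modulo 2^32.
bool naiveBoundsCheckPasses(unsigned baseLength, unsigned offset, unsigned length)
{
    return offset + length <= baseLength;
}

// Minimal substring view guarded by the same two checks as release asserts.
struct SubstringView {
    const char* base;
    unsigned baseLength;
    unsigned offset;
    unsigned length;
};

SubstringView makeSubstring(const char* base, unsigned baseLength, unsigned offset, unsigned length)
{
    EXAMPLE_RELEASE_ASSERT(!sumOverflows<int32_t>(offset, length));
    EXAMPLE_RELEASE_ASSERT(offset + length <= baseLength);
    return SubstringView{ base, baseLength, offset, length };
}

int main()
{
    // Constructed sample: a 16-byte base string.
    const char base[] = "0123456789abcdef";
    const unsigned baseLength = 16;

    // In range: accepted.
    SubstringView ok = makeSubstring(base, baseLength, 8, 8);
    std::printf("ok: offset=%u length=%u\n", ok.offset, ok.length);

    // Wrapping pair: 0xFFFFFFF0 + 0x20 == 0x100000010, which truncates to
    // 0x10 == 16, so the naive check is satisfied while the ordered checks
    // report an overflow.
    unsigned badOffset = 0xFFFFFFF0u, badLength = 0x20u;
    std::printf("naive check passes wrapped pair: %d\n",
                naiveBoundsCheckPasses(baseLength, badOffset, badLength));
    std::printf("ordered check result: %d\n",
                static_cast<int>(checkSubstringBounds(baseLength, badOffset, badLength)));

    // Uncomment to watch the release assert abort regardless of NDEBUG:
    // makeSubstring(base, baseLength, badOffset, badLength);
    return 0;
}
```

The wrapped pair is exactly the input a debug-only `ASSERT` would wave through in a shipping build; with the checks compiled in unconditionally the process aborts at `makeSubstring` instead of handing a substring with an out-of-range `offset` to whatever reads it later.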

index e3d264e..75be523 100644 (file)
@@ -1,3 +1,16 @@
+2016-06-28  Filip Pizlo  <fpizlo@apple.com>
+
+        JSRopeString should use release asserts, not debug asserts, about substring bounds
+        https://bugs.webkit.org/show_bug.cgi?id=159227
+
+        Reviewed by Saam Barati.
+        
+        According to my experiments this change costs nothing.  That's not surprising since the
+        most common way to construct a rope these days is inlined into the JIT, which does its own
+        safety checks.  This makes us crash sooner rather than corrupting memory.
+
+        * runtime/JSString.h:
+
 2016-06-28  Brian Burg  <bburg@apple.com>
 
         RunLoop::Timer should use constructor templates instead of class templates
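Review bot: the ChangeLog file line `* runtime/JSString.h:` names no functions, while the patch touches two members of JSRopeString (`finishCreation` and `finishCreationSubstringOfResolved`); add the usual per-function lines beneath it, e.g. `(JSC::JSRopeString::finishCreation):` and `(JSC::JSRopeString::finishCreationSubstringOfResolved):`, so the entry records where the asserts were promoted.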
index 9a894de..5d97a7a 100644 (file)
@@ -297,8 +297,8 @@ private:
     void finishCreation(VM& vm, ExecState* exec, JSString* base, unsigned offset, unsigned length)
     {
         Base::finishCreation(vm);
-        ASSERT(!sumOverflows<int32_t>(offset, length));
-        ASSERT(offset + length <= base->length());
+        RELEASE_ASSERT(!sumOverflows<int32_t>(offset, length));
+        RELEASE_ASSERT(offset + length <= base->length());
         m_length = length;
         setIs8Bit(base->is8Bit());
         setIsSubstring(true);
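Review bot: the order of the two RELEASE_ASSERTs is load-bearing and deserves a one-line comment: `offset + length` is an unsigned addition, so without the preceding `!sumOverflows<int32_t>(offset, length)` a wrapped sum could satisfy `offset + length <= base->length()` and the substring would be created with out-of-range indices. The same comment should say why the bound is `int32_t` rather than `unsigned` for two unsigned parameters; a reader who does not know the intended limit on string lengths will otherwise take the stricter type as a typo.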
@@ -321,8 +321,8 @@ private:
     ALWAYS_INLINE void finishCreationSubstringOfResolved(VM& vm, JSString* base, unsigned offset, unsigned length)
     {
         Base::finishCreation(vm);
-        ASSERT(!sumOverflows<int32_t>(offset, length));
-        ASSERT(offset + length <= base->length());
+        RELEASE_ASSERT(!sumOverflows<int32_t>(offset, length));
+        RELEASE_ASSERT(offset + length <= base->length());
         m_length = length;
         setIs8Bit(base->is8Bit());
         setIsSubstring(true);
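Review bot: this hunk duplicates the two checks from `finishCreation` verbatim; factoring them into one small private helper (say `assertSubstringBounds(base, offset, length)`, a hypothetical name) called right after `Base::finishCreation(vm)` in both paths keeps them from drifting the next time the check is tightened. Since `finishCreationSubstringOfResolved` is `ALWAYS_INLINE`, the RELEASE_ASSERTs are now inlined at every call site, so the "costs nothing" claim in the message should cover this function specifically; a pointer to the measurement would make it verifiable.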