Harden capacity checks in DFG::LocalCSEPhase::SmallMap.
https://bugs.webkit.org/show_bug.cgi?id=203123
<rdar://problem/56339943>

Change addPure() and addImpure() to use RELEASE_ASSERT in their capacity checks.

Reviewed by Keith Miller.

* dfg/DFGCSEPhase.cpp:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@251264 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index ee262b1..0bdb54b 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,5 +1,17 @@
 2019-10-17  Mark Lam  <mark.lam@apple.com>
 
+        Harden capacity checks in DFG::LocalCSEPhase::SmallMap.
+        https://bugs.webkit.org/show_bug.cgi?id=203123
+        <rdar://problem/56339943>
+
+        Change addPure() and addImpure() to use RELEASE_ASSERT in their capacity checks.
+
+        Reviewed by Keith Miller.
+
+        * dfg/DFGCSEPhase.cpp:
+
+2019-10-17  Mark Lam  <mark.lam@apple.com>
+
         Use constexpr in more places and remove some unnecessary external linkage.
         https://bugs.webkit.org/show_bug.cgi?id=203115
 
diff --git a/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp b/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp
index 33b4751..2381c6b 100644
--- a/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp
@@ -385,7 +385,7 @@
                     return m_pureMap[i].value;
             }
         
-            ASSERT(m_pureLength < capacity);
+            RELEASE_ASSERT(m_pureLength < capacity);
             m_pureMap[m_pureLength++] = WTF::KeyValuePair<PureValue, Node*>(value, node);
             return nullptr;
         }
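Review bot: Neither new RELEASE_ASSERT has a comment saying why it must stay a release-mode check, so a later cleanup could quietly turn it back into ASSERT; this applies to the check before `m_pureMap[m_pureLength++] = ...` here and to the `m_impureLength` check in the second hunk. ASSERT is compiled out of release builds, so without the release check an insertion at full capacity would store one element past what looks like a `capacity`-sized array. I would add above each check: `// Keep as RELEASE_ASSERT: this is the only bound on the indexed store below, and ASSERT is compiled out of release builds.` The commit also shows no test that fills a SmallMap to capacity; presumably a caller only selects SmallMap for small blocks, and that is worth confirming and covering. Both function bodies start outside their hunks, so any earlier bound on the length is not visible here.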
@@ -407,7 +407,7 @@
                 return nullptr;
             if (LazyNode result = findReplacement(location))
                 return result;
-            ASSERT(m_impureLength < capacity);
+            RELEASE_ASSERT(m_impureLength < capacity);
             m_impureMap[m_impureLength++] = WTF::KeyValuePair<HeapLocation, LazyNode>(location, node);
             return nullptr;
         }