Allow MixedArray::MakeReserveLike to work on arrays with virtual size#3065
Closed
tstarling wants to merge 1 commit intofacebook:masterfrom
Closed
Allow MixedArray::MakeReserveLike to work on arrays with virtual size#3065tstarling wants to merge 1 commit intofacebook:masterfrom
tstarling wants to merge 1 commit intofacebook:masterfrom
Conversation
Contributor
Author
Contributor
|
(Also: thanks for finding and fixing this. ;) |
Previously this would try to create an array with 2^32 elements, causing an assertion or crash. array_map.hhas calls NewLikeArrayL on arbitrary input, which in turn calls MixedArray::MakeReserveLike. So any array originating from EZC would crash when fed into array_map(). Added two test cases which previously crashed.
Contributor
Author
|
Thanks for the review. Added $GLOBALS test. |
tstarling
added a commit
to tstarling/hhvm
that referenced
this pull request
Sep 23, 2014
Fix JIT versions of count() and conversion of array to boolean, so that they work with ProxyArray. In both cases, duplicate the logic in ArrayData::size() -- if the sign bit of the size field is unset, use that field, otherwise call vsize(). The resulting generated machine code for conversion to boolean is along the lines of: mov 0x4(%rdi),%eax test %eax,%eax js 0xf80049b setne %al where 0xf80049b is the slow path. This is similar to the machine code I previously reported for ArrayData::size() in code review of 1717e028f18 (see facebook#3065). Also fixed the non-JIT version of conversion to boolean. Added test case which previously failed. Amended empty-globals.php test which now actually works instead of being a "deliberate mistake".
hhvm-bot
pushed a commit
that referenced
this pull request
Sep 23, 2014
Summary: Fix JIT versions of count() and conversion of array to boolean, so that they work with ProxyArray. In both cases, duplicate the logic in ArrayData::size() -- if the sign bit of the size field is unset, use that field, otherwise call vsize(). The resulting generated machine code for conversion to boolean is along the lines of: mov 0x4(%rdi),%eax test %eax,%eax js 0xf80049b setne %al where 0xf80049b is the slow path. This is similar to the machine code I previously reported for ArrayData::size() in code review of 1717e028f18 (see #3065). Added test case which previously failed. Closes #3811 Reviewed By: @ptarjan Differential Revision: D1568919
rrh
pushed a commit
to newrelic-forks/hhvm
that referenced
this pull request
Sep 24, 2014
Summary: Fix JIT versions of count() and conversion of array to boolean, so that they work with ProxyArray. In both cases, duplicate the logic in ArrayData::size() -- if the sign bit of the size field is unset, use that field, otherwise call vsize(). The resulting generated machine code for conversion to boolean is along the lines of: mov 0x4(%rdi),%eax test %eax,%eax js 0xf80049b setne %al where 0xf80049b is the slow path. This is similar to the machine code I previously reported for ArrayData::size() in code review of 1717e028f18 (see facebook#3065). Added test case which previously failed. Closes facebook#3811 Reviewed By: @ptarjan Differential Revision: D1568919
ptarjan
pushed a commit
that referenced
this pull request
Oct 28, 2014
Fix JIT versions of count() and conversion of array to boolean, so that they work with ProxyArray. In both cases, duplicate the logic in ArrayData::size() -- if the sign bit of the size field is unset, use that field, otherwise call vsize(). The resulting generated machine code for conversion to boolean is along the lines of: mov 0x4(%rdi),%eax test %eax,%eax js 0xf80049b setne %al where 0xf80049b is the slow path. This is similar to the machine code I previously reported for ArrayData::size() in code review of 1717e028f18 (see #3065). Added test case which previously failed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously this would try to create an array with 2^32 elements, causing
an assertion or crash. array_map.hhas calls NewLikeArrayL on arbitrary
input, which in turn calls MixedArray::MakeReserveLike. So any array
originating from EZC would crash when fed into array_map().
Added test case which previously crashed.