| Summary: | CopiedBlock::pin can call into fastFree while forbidden | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Mark Hahnenberg <mhahnenberg> | ||||
| Component: | JavaScriptCore | Assignee: | Mark Hahnenberg <mhahnenberg> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | commit-queue | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
|
Description
Mark Hahnenberg
2014-02-11 22:10:54 PST
This is probably due to the fact that a FullCollection that skips copying doesn't clear the CopyWorkList of the all the surviving CopiedBlocks because we now only call didSurviveGC() at the beginning of FullCollections. EdenCollections always do copying, therefore they always clear all CopyWorkLists. The fix is probably to call didSurviveGC() for all surviving CopiedBlocks at the end of FullCollections as well at the beginning. Created attachment 224781 [details]
Patch
Comment on attachment 224781 [details] Patch Clearing flags on attachment: 224781 Committed r164448: <http://trac.webkit.org/changeset/164448> All reviewed patches have been landed. Closing bug. |