Bug 133905

Summary: operationCreateArguments could cause a GC during OSR exit
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Patch (Flags: fpizlo: review+)

Description Michael Saboff 2014-06-14 10:23:49 PDT
We should delay GC during createArguments when called from OSR exit stub.
Comment 1 Michael Saboff 2014-06-14 10:32:30 PDT
Created attachment 233110 [details]
Patch
Comment 2 Michael Saboff 2014-06-14 10:44:41 PDT
Committed r169973: <http://trac.webkit.org/changeset/169973>
Comment 3 Geoffrey Garen 2014-06-16 11:38:24 PDT
Comment on attachment 233110 [details]
Patch

Why did you choose to special-case arguments recovery, rather than deferring GC throughout the OSR exit process?
Comment 4 Michael Saboff 2014-06-16 12:47:28 PDT
(In reply to comment #3)
> (From update of attachment 233110 [details])
> Why did you choose to special-case arguments recovery, rather than deferring GC throughout the OSR exit process?

This was the only place that Mark H and I found where we call out and allocate an object. Also, it seemed more error prone to create a JIT equivalent of DeferGCForAWhile to wrap an OSR exit stub.