Bug 136178

Summary: TypeSet caches structureIDs even after the corresponding Structure could be GCed
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, fpizlo
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch none

Description Saam Barati 2014-08-22 16:07:28 PDT 
Currently, caching based on structudeIDs in TypeSet is invalid because it will claim it has seen a Structure that it might not have seen.

This needs to be fixed. The easiest solution is simply to clear all StructureID caches in TypeSet when we garbage collect.
Comment 1 Saam Barati 2014-08-26 12:45:18 PDT 
Created attachment 237167 [details]
patch

This clears each TypeSet's StructureID cache each time GC collects.
It also renamed the member variable on TypeSet to better indicate it's a cache.
Comment 2 Geoffrey Garen 2014-08-26 13:42:27 PDT 
Comment on attachment 237167 [details]
patch

r=me
Comment 3 WebKit Commit Bot 2014-08-26 14:24:52 PDT 
Comment on attachment 237167 [details]
patch

Clearing flags on attachment: 237167

Committed r172976: <http://trac.webkit.org/changeset/172976>
Comment 4 WebKit Commit Bot 2014-08-26 14:24:55 PDT 
All reviewed patches have been landed.  Closing bug.