Bug 136178

Summary:

TypeSet caches structureIDs even after the corresponding Structure could be GCed

Product:

WebKit

Reporter:

Saam Barati <saam>

Component:

JavaScriptCore

Assignee:

Saam Barati <saam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, fpizlo

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
patch	none

Saam Barati

Reported 2014-08-22 16:07:28 PDT

Currently, caching based on structudeIDs in TypeSet is invalid because it will claim it has seen a Structure that it might not have seen. This needs to be fixed. The easiest solution is simply to clear all StructureID caches in TypeSet when we garbage collect.

Attachments
patch (5.18 KB, patch) 2014-08-26 12:45 PDT, Saam Barati	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2014-08-26 12:45:18 PDT

Created attachment 237167 [details] patch This clears each TypeSet's StructureID cache each time GC collects. It also renamed the member variable on TypeSet to better indicate it's a cache.

Geoffrey Garen

Comment 2 2014-08-26 13:42:27 PDT

Comment on attachment 237167 [details] patch r=me

WebKit Commit Bot

Comment 3 2014-08-26 14:24:52 PDT

Comment on attachment 237167 [details] patch Clearing flags on attachment: 237167 Committed r172976: <http://trac.webkit.org/changeset/172976>

WebKit Commit Bot

Comment 4 2014-08-26 14:24:55 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.