Bug 149050

Summary: Fix JSC_objectsAreImmortal to work with JSC_useZombieMode
Product: WebKit
Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore
Assignee: Mark Lam <mark.lam>
Status: ASSIGNED
Severity: Normal
CC: benjamin, fpizlo, ggaren, keith_miller, msaboff, saam
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Attachments: work in progress (flags: none)

Description Mark Lam 2015-09-10 16:36:19 PDT
Previously, JSC_objectsAreImmortal worked by marking all dead objects. If we also have JSC_useZombieMode enabled, the marking of dead objects may end up walking over zombified objects and crash the VM. To be compatible with JSC_useZombieMode, we can make JSC_objectsAreImmortal work by sweeping dead objects but never freeing them instead.
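The two strategies described in the report, as an added toy model written for this page (it is not JavaScriptCore's code): a fixed block of cells, a marker that traces from roots, and a sweeper. Zombie mode is modelled as poisoning every cell that does not hold a live object, and the old "mark all dead objects" strategy as tracing every cell the root walk did not reach. The cell layout, the `kLiveMagic`/`kZombieMagic` values, the `Heap` and `simulate` names and the assumption that zombie mode poisons never-allocated cells are all simplifications chosen for the example; where the real VM would crash on reading a zombified cell, the model throws instead.

```cpp
// Toy model of JSC_objectsAreImmortal vs JSC_useZombieMode (illustrative, not JSC's code).
#include <cstddef>
#include <cstdint>
#include <new>
#include <stdexcept>
#include <vector>

static const uint32_t kFreeMagic   = 0;           // constructed: cell holds no object
static const uint32_t kLiveMagic   = 0x5AFE0001;  // constructed: "structure" word of a live object
static const uint32_t kZombieMagic = 0xDEADBEEF;  // constructed: poison zombie mode writes into dead memory

struct Cell {
    uint32_t magic = kFreeMagic;
    bool allocated = false;          // handed out by the allocator and not yet returned
    bool marked = false;
    std::vector<Cell*> children;
};

struct Heap {
    bool useZombieMode;              // models JSC_useZombieMode
    bool objectsAreImmortal;         // models JSC_objectsAreImmortal
    bool immortalViaMarking;         // true: old strategy (mark every dead cell); false: sweep, never free
    std::vector<Cell> block;         // one fixed-size block; pointers into it stay valid
    std::vector<Cell*> roots;
    size_t releasedToFreeList = 0;

    Heap(size_t cellCount, bool zombie, bool immortal, bool viaMarking)
        : useZombieMode(zombie), objectsAreImmortal(immortal), immortalViaMarking(viaMarking), block(cellCount) {
        // Model assumption: zombie mode poisons all memory that does not hold a live object.
        if (useZombieMode)
            for (Cell& c : block) c.magic = kZombieMagic;
    }

    Cell* allocate() {
        for (Cell& c : block) {
            if (c.allocated) continue;
            c.allocated = true;
            c.magic = kLiveMagic;
            c.children.clear();
            return &c;
        }
        throw std::bad_alloc();
    }

    // Tracing reads the structure word. A zombified cell has no valid structure, so walking
    // it is the crash the report describes; the model reports it as an exception.
    void visit(Cell* c) {
        if (c->magic == kZombieMagic) throw std::runtime_error("walked a zombified cell");
        if (c->magic != kLiveMagic || c->marked) return;   // free cell, or already traced
        c->marked = true;
        for (Cell* child : c->children) visit(child);
    }

    void mark() {
        for (Cell& c : block) c.marked = false;
        for (Cell* r : roots) visit(r);
        if (objectsAreImmortal && immortalViaMarking) {
            // Old strategy: whatever the root walk did not reach is dead; mark it anyway.
            for (Cell& c : block)
                if (!c.marked) visit(&c);
        }
    }

    void sweep() {
        for (Cell& c : block) {
            if (c.marked || !c.allocated) continue;          // live, or never handed out
            if (useZombieMode) { c.magic = kZombieMagic; c.children.clear(); }  // zombify dead memory
            if (objectsAreImmortal) continue;                 // new strategy: swept, but never freed
            c.allocated = false;
            if (!useZombieMode) c.magic = kFreeMagic;
            ++releasedToFreeList;
        }
    }

    void collect() { mark(); sweep(); }
};

// Builds a small heap with two reachable and two unreachable cells, runs two collections and
// returns how many cells went back to the free list, or -1 where the real VM would have crashed.
int simulate(bool zombieMode, bool immortal, bool viaMarking) {
    Heap heap(8, zombieMode, immortal, viaMarking);
    Cell* root = heap.allocate();
    heap.roots.push_back(root);
    root->children.push_back(heap.allocate());        // reachable from the root
    Cell* garbage = heap.allocate();                  // unreachable once collection starts
    garbage->children.push_back(heap.allocate());     // unreachable as well
    try {
        heap.collect();
        heap.collect();
    } catch (const std::runtime_error&) {
        return -1;
    }
    return static_cast<int>(heap.releasedToFreeList);
}
```

With both options on, the old strategy's walk over unmarked cells reaches poisoned memory during the very first collection and the model reports the crash; the sweep-based strategy never traces anything the roots do not reach, so zombified cells are left alone and still nothing is handed back to the allocator.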
Comment 1 Mark Lam 2015-09-14 13:28:31 PDT
Created attachment 261127
work in progress

AFAIK, this patch works. The only issue is that the test case is not able to reproduce the original issue (which I previously observed while debugging some real world bug). Archiving this patch for now and moving on until I see this issue again or think of how to reproduce it.