Bug 149050

Summary:

Fix JSC_objectsAreImmortal to work with JSC_useZombieMode

Product:

WebKit

Reporter:

Mark Lam <mark.lam>

Component:

JavaScriptCore

Assignee:

Mark Lam <mark.lam>

Status:

ASSIGNED

Severity:

Normal

CC:

benjamin, fpizlo, ggaren, keith_miller, msaboff, saam

Priority:

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
work in progress	none

Mark Lam

Reported 2015-09-10 16:36:19 PDT

Previously, JSC_objectsAreImmortal works by marking all dead objects. If we also have JSC_useZombieMode enabled, the marking of dead objects may end up walking over zombified objects and crash the VM. To be compatible with JSC_useZombieMode, We can make JSC_objectsAreImmortal work by sweeping dead objects but never freeing them instead.

Attachments
work in progress (15.88 KB, patch) 2015-09-14 13:28 PDT, Mark Lam	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2015-09-14 13:28:31 PDT

Created attachment 261127 [details] work in progress AFAIK, this patch works. The only issue is that the test case is not able to reproduce the original issue (which I previously observed why debugging some real world bug). Archiving this patch for now and moving on until I see this issue again or think of how to reproduce it.

Note You need to log in before you can comment on or make changes to this bug.