Bug 166874

Summary: JSArray has some object scanning races
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, i, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 165909    
Attachments:
Description Flags
the patch
none
the patch mark.lam: review+

Description Filip Pizlo 2017-01-09 19:27:47 PST 
Fix them with locks!
Comment 1 Radar WebKit Bug Importer 2017-01-09 19:28:08 PST 
<rdar://problem/29941356>
Comment 2 Filip Pizlo 2017-01-09 20:03:26 PST 
Created attachment 298436 [details]
the patch
Comment 3 Filip Pizlo 2017-01-09 20:05:17 PST 
Created attachment 298437 [details]
the patch
Comment 4 Mark Lam 2017-01-09 23:17:39 PST 
Comment on attachment 298437 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=298437&action=review

r=me

> Source/JavaScriptCore/runtime/JSArray.cpp:1081
> -
> +    

Please undo this empty space change.
Comment 5 Filip Pizlo 2017-01-10 10:39:30 PST 
(In reply to comment #4)
> Comment on attachment 298437 [details]
> the patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=298437&action=review
> 
> r=me
> 
> > Source/JavaScriptCore/runtime/JSArray.cpp:1081
> > -
> > +    
> 
> Please undo this empty space change.

Fixed!
Comment 6 Filip Pizlo 2017-01-10 10:46:07 PST 
Landed in https://trac.webkit.org/changeset/210553
Comment 7 Mark Lam 2017-01-13 16:07:57 PST 
*** Bug 166795 has been marked as a duplicate of this bug. ***