Bug 180634

Summary: Harden a few assertions in GC sweep
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch saam: review+

Filip Pizlo
Reported 2017-12-10 09:19:58 PST
Patch forthcoming.
Attachments
the patch (1.46 KB, patch)
2017-12-10 09:21 PST, Filip Pizlo 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2017-12-10 09:21:27 PST
Created attachment 328937 [details] the patch
Saam Barati
Comment 2 2017-12-10 16:33:50 PST
Comment on attachment 328937 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=328937&action=review > Source/JavaScriptCore/heap/MarkedBlock.cpp:405 > + RELEASE_ASSERT(!m_isFreeListed); The old branch was never taken?
Filip Pizlo
Comment 3 2017-12-10 17:09:43 PST
(In reply to Saam Barati from comment #2) > Comment on attachment 328937 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=328937&action=review > > > Source/JavaScriptCore/heap/MarkedBlock.cpp:405 > > + RELEASE_ASSERT(!m_isFreeListed); > > The old branch was never taken? Nope. It doesn't make sense that m_isFreeListed would be true, and if it was, simply returning couldn't possibly be the right thing to do. My best theory is this: this was landed originally in a patch where I had added that logic to support something else, and then removed that something else, but didn't remove the check.
Filip Pizlo
Comment 4 2017-12-10 17:10:51 PST
Landed in https://trac.webkit.org/changeset/225734/webkit
Radar WebKit Bug Importer
Comment 5 2017-12-10 17:11:24 PST
<rdar://problem/35958652>
Note You need to log in before you can comment on or make changes to this bug.