Bug 181811

Summary: MaterializeNewObject expects the JSFinalObject allocator to be non-null.
Product: WebKit
Reporter: Keith Miller <keith_miller>
Component: New Bugs
Assignee: Keith Miller <keith_miller>
Status: RESOLVED INVALID
Severity: Normal
CC: ews-watchlist, fpizlo, mark.lam, msaboff, saam, sam
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: none)

Description Keith Miller 2018-01-18 13:48:50 PST
MaterializeNewObject expects the JSFinalObject allocator to be non-null.
Comment 1 Keith Miller 2018-01-18 13:58:58 PST
Created attachment 331658 [details]
Patch
Comment 2 Saam Barati 2018-01-18 16:18:23 PST
Comment on attachment 331658 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=331658&action=review

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:9888
> +                BlockDirectory* cellAllocator = subspaceFor<JSFinalObject>(vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::EnsureAllocator);
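Review bot: `AllocatorForMode::EnsureAllocator` at FTLLowerDFGToB3.cpp:9888 can create a BlockDirectory as a side effect, but this lowering runs on the FTL compiler thread rather than the mutator; either confirm that allocator creation is safe off the main thread or keep a null allocator on the slow path (the non-null expectation in MaterializeNewObject noted in the summary) instead of forcing creation from the JIT.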

This is safe to do from the compiler thread? I don't think it is.

Also, any tests here? How did you find this bug?
Comment 3 Keith Miller 2018-01-19 10:09:21 PST
I misread the code, ignore this...
Comment 4 Filip Pizlo 2018-03-10 15:47:15 PST
Yeah, if we didn’t create the allocator by the time we JIT that path, then it’s probably not hot enough to be worth optimizing that much. So, even if the GC did support creating allocators from any thread, I’m not sure doing that here would be better.