Bug 194082

Summary: [JSC] Symbol should be in destructibleCellSpace
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
saam: review+
Patch
none
Patch none

Yusuke Suzuki
Reported 2019-01-30 23:14:01 PST
[JSC] Symbol should poison its member and make it destructible again
Attachments
Patch (14.53 KB, patch)
2019-01-30 23:22 PST, Yusuke Suzuki 		saam: review+
DetailsFormatted DiffDiff
Patch (1.28 KB, patch)
2019-01-30 23:37 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (1.68 KB, patch)
2019-01-30 23:38 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2019-01-30 23:22:27 PST
Created attachment 360694 [details] Patch
Saam Barati
Comment 2 2019-01-30 23:26:44 PST
Comment on attachment 360694 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360694&action=review > Source/JavaScriptCore/runtime/Symbol.h:76 > + PoisonedRef<SymbolPoison, SymbolImpl> m_symbolImpl; Please revert the poisoning part of this change including the JIT portion. We turned off poisoning. We should really strip it entirely from the code base.
Yusuke Suzuki
Comment 3 2019-01-30 23:32:52 PST
Comment on attachment 360694 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360694&action=review >> Source/JavaScriptCore/runtime/Symbol.h:76 >> + PoisonedRef<SymbolPoison, SymbolImpl> m_symbolImpl; > > Please revert the poisoning part of this change including the JIT portion. We turned off poisoning. We should really strip it entirely from the code base. Should we remove cellJSValueOOBSpace too? (in a subsequent patch)
Saam Barati
Comment 4 2019-01-30 23:35:37 PST
(In reply to Yusuke Suzuki from comment #3) > Comment on attachment 360694 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=360694&action=review > > >> Source/JavaScriptCore/runtime/Symbol.h:76 > >> + PoisonedRef<SymbolPoison, SymbolImpl> m_symbolImpl; > > > > Please revert the poisoning part of this change including the JIT portion. We turned off poisoning. We should really strip it entirely from the code base. > > Should we remove cellJSValueOOBSpace too? (in a subsequent patch) Yeah probably.
Yusuke Suzuki
Comment 5 2019-01-30 23:37:29 PST
Created attachment 360695 [details] Patch
Yusuke Suzuki
Comment 6 2019-01-30 23:38:45 PST
Created attachment 360696 [details] Patch
Yusuke Suzuki
Comment 7 2019-01-30 23:42:46 PST
Committed r240766: <https://trac.webkit.org/changeset/240766>
Radar WebKit Bug Importer
Comment 8 2019-01-30 23:43:38 PST
<rdar://problem/47695087>
Note You need to log in before you can comment on or make changes to this bug.