| Summary: | [JSC] Custom getter / setter functions can be collected | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Yusuke Suzuki <ysuzuki> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | | |
| Severity: | Normal | CC: | ashvayka, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |

Wow, this is a great catch!
Since there could be a lot of `Object.getOwnPropertyDescriptors(%WebIDLInterface%.prototype)` out there on the web, my first approach would be creating a separate HashSet on JSGlobalObject that is strong, and leveraging Structure::didTransitionFromThisStructure() (m_transitionWatchpointSet) to copy JSCustom{Getter,Setter}Function objects there, so we can avoid overriding MethodTable::destroy() for performance reasons.
So the idea is to keep them weak unless they transition from the initial structure. Hmm, a watchpoint won't help preserve the first marked getter / setter correctly as we have no place to check it except JSObject::getOwnPropertyDescriptor(). Instead, we should subclass WeakHandleOwner, check for modified structure in its finalize(), and tweak WeakGCSet to accept it.
They are weakly held. This means that they can be collected if nobody references them. So,

```javascript
{
    var getter = Object.getOwnPropertyDescriptor(RegExp, "rightContext").get;
    getter.mark = true;
}
// Make GC happen.
{
    var getter = Object.getOwnPropertyDescriptor(RegExp, "rightContext").get;
    print(getter.mark); // => undefined
}
```

We need to keep these accessors strongly in the holder.
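
A regression check for the behaviour described in this report, written as an added example (not code from the WebKit project or the reporter): it tags an accessor function, drops every local reference, attempts a collection, and reads the tag back from a fresh descriptor lookup. The helper names and the `__identityMark` property are hypothetical, and `gc()` is called only when the host exposes it (for example `node --expose-gc`); otherwise the check falls back to allocation pressure.

```javascript
// Added example: does an accessor function keep its identity across a GC?
// MARK, tryCollect, tagAccessor, readTag and accessorSurvivesGC are hypothetical names.
const MARK = "__identityMark";

// Best-effort collection. Returns true only when a real gc() hook was called.
function tryCollect() {
  if (typeof globalThis.gc === "function") {
    globalThis.gc();
    return true;
  }
  // No hook available: allocate and drop garbage to encourage a collection.
  let junk = [];
  for (let i = 0; i < 200; i++) junk.push(new Array(10000).fill(i));
  junk = null;
  return false;
}

// Tag the accessor inside its own frame so no local keeps it alive afterwards.
function tagAccessor(holder, key, kind) {
  const desc = Object.getOwnPropertyDescriptor(holder, key);
  if (!desc || typeof desc[kind] !== "function")
    throw new TypeError(`${String(key)} has no ${kind} accessor`);
  desc[kind][MARK] = true;
}

// Fetch the accessor again; a recreated function object will not carry the tag.
function readTag(holder, key, kind) {
  const fn = Object.getOwnPropertyDescriptor(holder, key)[kind];
  const seen = fn[MARK] === true;
  delete fn[MARK]; // leave the built-in clean for later runs
  return seen;
}

// survived === false means the engine handed back a different function object.
function accessorSurvivesGC(holder, key, kind = "get") {
  tagAccessor(holder, key, kind);
  const forced = tryCollect();
  return { survived: readTag(holder, key, kind), forced };
}
```

A result of `survived: false` with `forced: true` reproduces the report; `forced: false` means the collection was not guaranteed, so a passing result is weaker evidence.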