Bug 265721

Summary: [Wasm-GC] Typedef unrolling cache should hold values strongly
Product: WebKit
Reporter: Asumu Takikawa <asumu>
Component: WebAssembly
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 247394

Asumu Takikawa
Reported 2023-12-02 10:30:18 PST
There is a cache used for unrolling rec/sub types, to avoid re-computing this constantly. The cache holds keys weakly (when the key is collected, it should be explicitly removed from the cache map) but it should hold values strongly to avoid deallocation. Right now the values are also held weakly. Changing this to use a `RefPtr` instead fixes some crashes related to this. It's been difficult to construct an example to reproduce the issue, but it comes up in real programs.
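A small C++ model of the cache shape described in this report, added here as an illustration and not code from the WebKit patch: keys are held weakly and erased explicitly when the key goes away, while the value is held either weakly (the pre-fix shape) or strongly (the fix). `std::weak_ptr` and `std::shared_ptr` stand in for WebKit's `WeakPtr` and `RefPtr`; the `TypeDefinition`, `UnrolledType` and `UnrollingCache` names are constructed for the example.

```cpp
#include <memory>
#include <string>
#include <unordered_map>
// Stand-ins (constructed for this example) for a Wasm type definition and its unrolled form.
struct UnrolledType { std::string repr; };
struct TypeDefinition { std::string name; };

// Cache keyed by the definition's address. Keys are held weakly: the owner of a
// TypeDefinition calls erase() before it dies. `Held` is how the value is stored;
// std::weak_ptr / std::shared_ptr stand in for WebKit's WeakPtr / RefPtr.
template <typename Held>
class UnrollingCache {
public:
    int computeCount = 0;  // how often the expensive rec/sub-type unrolling actually ran
    std::shared_ptr<UnrolledType> unroll(const TypeDefinition& def) {
        if (auto hit = lookup(def)) return hit;
        ++computeCount;
        auto value = std::make_shared<UnrolledType>(UnrolledType{"unrolled(" + def.name + ")"});
        cache_[&def] = value;
        return value;
    }
    std::shared_ptr<UnrolledType> lookup(const TypeDefinition& def) const {
        auto it = cache_.find(&def);
        return it == cache_.end() ? std::shared_ptr<UnrolledType>{} : lockValue(it->second);
    }
    void erase(const TypeDefinition& def) { cache_.erase(&def); }
    std::size_t size() const { return cache_.size(); }
private:
    static std::shared_ptr<UnrolledType> lockValue(const std::weak_ptr<UnrolledType>& w) { return w.lock(); }
    static std::shared_ptr<UnrolledType> lockValue(const std::shared_ptr<UnrolledType>& s) { return s; }
    std::unordered_map<const TypeDefinition*, Held> cache_;
};
using WeakValueCache = UnrollingCache<std::weak_ptr<UnrolledType>>;     // shape before the fix
using StrongValueCache = UnrollingCache<std::shared_ptr<UnrolledType>>; // shape after the fix

// The failing pattern: the caller drops its reference right after unrolling, then asks again.
template <typename Cache> bool cacheRetainsValue(Cache& cache, const TypeDefinition& def) {
    cache.unroll(def);  // the returned shared_ptr is discarded immediately
    return cache.lookup(def) != nullptr;
}
bool weakValueCacheLosesEntry() { WeakValueCache c; TypeDefinition t{"rec0"}; return !cacheRetainsValue(c, t); }
bool strongValueCacheKeepsEntry() {
    StrongValueCache c; TypeDefinition t{"rec0"};
    bool kept = cacheRetainsValue(c, t);
    c.unroll(t);  // second request must be a cache hit, not a recomputation
    return kept && c.computeCount == 1;
}
bool eraseOnKeyDeathRemovesEntry() {  // key dies: its entry is removed first, nothing is left behind
    StrongValueCache c; { TypeDefinition t{"rec1"}; c.unroll(t); c.erase(t); } return c.size() == 0;
}
```

With weakly held values the cached result vanishes as soon as the last outside reference is dropped, so the cache cannot do its job; with strongly held values the entry lives until the key's owner erases it.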
Radar WebKit Bug Importer
Comment 1 2023-12-09 10:31:13 PST
Asumu Takikawa
Comment 2 2023-12-13 09:32:30 PST
EWS
Comment 3 2023-12-13 19:14:56 PST
Committed 272016@main (456ffae07aa8): <https://commits.webkit.org/272016@main> Reviewed commits have been landed. Closing PR #21739 and removing active labels.