Bug 60908

Summary: JSWeakObjectMap finalisation may occur while gc is in inconsistent state
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: New BugsAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch ggaren: review+, webkit.review.bot: commit-queue-

Description Oliver Hunt 2011-05-16 11:05:41 PDT 
JSWeakObjectMap finalisation may occur while gc is in inconsistent state
Comment 1 Oliver Hunt 2011-05-16 11:09:15 PDT 
Created attachment 93670 [details]
Patch
Comment 2 Geoffrey Garen 2011-05-16 11:22:16 PDT 
Comment on attachment 93670 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=93670&action=review

Please file a bug to track the better long-term change we discussed, which makes weak maps reference-counted in the API, based on a linked-on-or-after check

> Source/JavaScriptCore/runtime/JSGlobalObject.h:116
> +        static JS_EXPORTDATA WeakMapFinalizer s_weakMapFinalizer;

These names really should be plural -- "WeakMapsFinalizer, s_weakMapsFinalizer", etc.
Comment 3 Oliver Hunt 2011-05-16 11:54:55 PDT 
Committed r86594: <http://trac.webkit.org/changeset/86594>
Comment 4 WebKit Review Bot 2011-05-16 12:24:22 PDT 
Comment on attachment 93670 [details]
Patch

Attachment 93670 [details] did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/8699931