RESOLVED FIXED 128202
Malloc called beneath MachineThreads::gatherFromOtherThread(), while forbidden 
https://bugs.webkit.org/show_bug.cgi?id=128202
Summary Malloc called beneath MachineThreads::gatherFromOtherThread(), while forbidden
Mark Hahnenberg
Reported 2014-02-04 12:08:10 PST
This will require a data structure that doesn't use FastMalloc to record CodeBlocks during the stack scan. We already have something along these lines: MarkStackArray. It assumes it's only storing JSCells, but we could generalize it to serve more than one purpose.
Attachments
Patch (7.41 KB, patch)
2014-02-04 18:35 PST, Mark Hahnenberg 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2014-02-04 18:35:16 PST
Created attachment 223194 [details] Patch
Mark Hahnenberg
Comment 2 2014-02-04 18:56:50 PST
<rdar://problem/15980362>
Geoffrey Garen
Comment 3 2014-02-04 20:54:46 PST
Comment on attachment 223194 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=223194&action=review r=me > Source/JavaScriptCore/heap/GCSegmentedArray.h:137 > + if (!m_currentSegment) > + return *this; This should be an ASSERT. It's undefined behavior to ++ past the end of an iterator.
Mark Hahnenberg
Comment 4 2014-02-05 09:27:17 PST
Committed r163450: <http://trac.webkit.org/changeset/163450>
Note You need to log in before you can comment on or make changes to this bug.