128654 – CopiedBlock::pin can call into fastFree while forbidden

Bug 128654 - CopiedBlock::pin can call into fastFree while forbidden

Summary: CopiedBlock::pin can call into fastFree while forbidden

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Hahnenberg

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-02-11 22:10 PST by Mark Hahnenberg
Modified:	2014-02-20 14:49 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Patch (2.14 KB, patch) 2014-02-20 12:12 PST, Mark Hahnenberg	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Hahnenberg 2014-02-11 22:10:54 PST

...

Comment 1 Mark Hahnenberg 2014-02-12 09:19:14 PST

This is probably due to the fact that a FullCollection that skips copying doesn't clear the CopyWorkList of the all the surviving CopiedBlocks because we now only call didSurviveGC() at the beginning of FullCollections.

EdenCollections always do copying, therefore they always clear all CopyWorkLists.

The fix is probably to call didSurviveGC() for all surviving CopiedBlocks at the end of FullCollections as well at the beginning.

Comment 2 Mark Hahnenberg 2014-02-20 12:12:17 PST

Created attachment 224781 [details]
Patch

Comment 3 WebKit Commit Bot 2014-02-20 14:49:53 PST

Comment on attachment 224781 [details]
Patch

Clearing flags on attachment: 224781

Committed r164448: <http://trac.webkit.org/changeset/164448>

Comment 4 WebKit Commit Bot 2014-02-20 14:49:54 PST

All reviewed patches have been landed.  Closing bug.