128655 – VerifyMarked functor is wrong during EdenCollections

ASSIGNED 128655

VerifyMarked functor is wrong during EdenCollections

https://bugs.webkit.org/show_bug.cgi?id=128655

Summary VerifyMarked functor is wrong during EdenCollections

Mark Hahnenberg

Reported 2014-02-11 22:12:20 PST

We should think about the invariants for the MarkedBlock's BlockState.

Attachments
Add attachment proposed patch, testcase, etc.

Mark Hahnenberg

Comment 1 2014-02-11 22:14:13 PST

To be more specific, blocks whose marks aren't cleared during an EdenCollection could potentially still be in the Allocated block state. Historically the invariant has been that all blocks after a collection are in the MarkedState. It might be the case that we can relax this invariant for EdenCollections.

Mark Hahnenberg

Comment 2 2014-02-11 22:14:49 PST

(In reply to comment #1) > MarkedState Marked state.

Mark Lam

Comment 3 2014-02-19 15:24:39 PST

This issue can be easily reproduced by applying the patch at <https://webkit.org/b/129067>, and running testapi on a 64-bit debug build.

Radar WebKit Bug Importer

Comment 4 2014-02-19 15:25:39 PST

<rdar://problem/16115197>

Note You need to log in before you can comment on or make changes to this bug.

Status ASSIGNED

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Mark Lam

Reported

2014-02-11 22:12 PST

Modified

2014-02-19 15:25 PST History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks

129067

Dependencies

tree graph