136178 – TypeSet caches structureIDs even after the corresponding Structure could be GCed

Bug 136178 - TypeSet caches structureIDs even after the corresponding Structure could be GCed

Summary: TypeSet caches structureIDs even after the corresponding Structure could be GCed

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Saam Barati

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-08-22 16:07 PDT by Saam Barati
Modified:	2014-08-26 14:24 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
patch (5.18 KB, patch) 2014-08-26 12:45 PDT, Saam Barati	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Saam Barati 2014-08-22 16:07:28 PDT

Currently, caching based on structudeIDs in TypeSet is invalid because it will claim it has seen a Structure that it might not have seen.

This needs to be fixed. The easiest solution is simply to clear all StructureID caches in TypeSet when we garbage collect.

Comment 1 Saam Barati 2014-08-26 12:45:18 PDT

Created attachment 237167 [details]
patch

This clears each TypeSet's StructureID cache each time GC collects.
It also renamed the member variable on TypeSet to better indicate it's a cache.

Comment 2 Geoffrey Garen 2014-08-26 13:42:27 PDT

Comment on attachment 237167 [details]
patch

r=me

Comment 3 WebKit Commit Bot 2014-08-26 14:24:52 PDT

Comment on attachment 237167 [details]
patch

Clearing flags on attachment: 237167

Committed r172976: <http://trac.webkit.org/changeset/172976>

Comment 4 WebKit Commit Bot 2014-08-26 14:24:55 PDT

All reviewed patches have been landed.  Closing bug.