Bug 149050 - Fix JSC_objectsAreImmortal to work with JSC_useZombieMode
Summary: Fix JSC_objectsAreImmortal to work with JSC_useZombieMode
Status: ASSIGNED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-10 16:36 PDT by Mark Lam
Modified: 2015-09-14 13:28 PDT

See Also:


Attachments
work in progress (15.88 KB, patch)
2015-09-14 13:28 PDT, Mark Lam

Description Mark Lam 2015-09-10 16:36:19 PDT
Previously, JSC_objectsAreImmortal works by marking all dead objects. If we also have JSC_useZombieMode enabled, the marking of dead objects may end up walking over zombified objects and crash the VM. To be compatible with JSC_useZombieMode, we can make JSC_objectsAreImmortal work by sweeping dead objects but never freeing them instead.
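The interaction described above, as an added toy model (not JavaScriptCore code, and not from the attached patch): the cell layout, the poison value and the collector loop are constructed stand-ins, chosen only to show why marking dead cells under zombie mode reads poisoned memory while sweeping without freeing does not.

```cpp
// Constructed model of the two JSC debug options named in this bug.
#include <cstdint>
#include <vector>

constexpr uintptr_t kPoison = 0xbbadbeef;  // assumed poison pattern, not JSC's

struct Cell {
    Cell* child = nullptr;  // one outgoing reference, enough to make marking walk
    bool marked = false;
    bool zombie = false;
};

static bool isPoison(const Cell* c) { return reinterpret_cast<uintptr_t>(c) == kPoison; }

// Zombie mode: a swept cell is not reused; its payload is poisoned so a later
// read through it is detectable instead of silently returning stale data.
void zombify(Cell& c) { c.zombie = true; c.child = reinterpret_cast<Cell*>(kPoison); }

// Marking follows references. A real VM would fault when it dereferences the
// poison; the model reports that as `false` instead of crashing the process.
bool markFrom(Cell* c) {
    for (; c; c = c->child) {
        if (isPoison(c)) return false;   // walked into a zombified cell's payload
        if (c->marked) return true;
        c->marked = true;
    }
    return true;
}

// Old JSC_objectsAreImmortal: treat every cell as a root, dead ones included.
bool immortalByMarkingAll(std::vector<Cell>& heap) {
    for (Cell& c : heap) if (!markFrom(&c)) return false;
    return true;
}

// New JSC_objectsAreImmortal: mark from the real root only, then sweep unmarked
// cells (zombifying them in zombie mode) but never release their storage.
bool immortalBySweepWithoutFree(std::vector<Cell>& heap, Cell* root, bool zombieMode) {
    if (!markFrom(root)) return false;
    for (Cell& c : heap) if (!c.marked && !c.zombie && zombieMode) zombify(c);
    return true;                          // heap.size() is unchanged: nothing freed
}

// Scenario: one live root, one cell zombified by an earlier cycle, one fresh dead cell.
bool oldModeWalksIntoPoison() {
    std::vector<Cell> heap(3);
    zombify(heap[1]);
    return !immortalByMarkingAll(heap);   // true: marking hit the poison
}
bool newModeKeepsZombiesAllocated() {
    std::vector<Cell> heap(3);
    zombify(heap[1]);
    bool ok = immortalBySweepWithoutFree(heap, &heap[0], true);
    return ok && heap.size() == 3 && heap[1].zombie && !heap[1].marked && heap[2].zombie;
}
```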
Comment 1 Mark Lam 2015-09-14 13:28:31 PDT
Created attachment 261127
work in progress

AFAIK, this patch works. The only issue is that the test case is not able to reproduce the original issue (which I previously observed while debugging some real world bug). Archiving this patch for now and moving on until I see this issue again or think of how to reproduce it.