162319 – DFG::StoreBarrierInsertionPhase should assume that any epoch increment may make objects older

RESOLVED FIXED 162319

DFG::StoreBarrierInsertionPhase should assume that any epoch increment may make objects older

https://bugs.webkit.org/show_bug.cgi?id=162319

Summary DFG::StoreBarrierInsertionPhase should assume that any epoch increment may ma...

Filip Pizlo

Reported 2016-09-20 14:24:40 PDT

If you just allocated an object, then it's true that the object must be white. But as soon as you do anything to it, it will become black. The insertion phase needs to be smart about this.

Attachments
the patch (5.61 KB, patch) 2016-09-20 15:46 PDT, Filip Pizlo	saam: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2016-09-20 15:46:32 PDT

Created attachment 289406 [details] the patch

Filip Pizlo

Comment 2 2016-09-20 15:59:47 PDT

Landed in http://trac.webkit.org/changeset/206183

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Filip Pizlo

Reported

2016-09-20 14:24 PDT

Modified

2016-09-20 15:59 PDT History

CC List

5 users Show

URL

Keywords

Depends on

Blocks

149432

Dependencies

tree graph