162319 – DFG::StoreBarrierInsertionPhase should assume that any epoch increment may make objects older

Bug 162319 - DFG::StoreBarrierInsertionPhase should assume that any epoch increment may make objects older

Summary: DFG::StoreBarrierInsertionPhase should assume that any epoch increment may ma...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:

Depends on:
Blocks:	149432
	Show dependency tree / graph

Reported:	2016-09-20 14:24 PDT by Filip Pizlo
Modified:	2016-09-20 15:59 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
the patch (5.61 KB, patch) 2016-09-20 15:46 PDT, Filip Pizlo	saam: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Pizlo 2016-09-20 14:24:40 PDT

If you just allocated an object, then it's true that the object must be white.  But as soon as you do anything to it, it will become black.  The insertion phase needs to be smart about this.

Comment 1 Filip Pizlo 2016-09-20 15:46:32 PDT

Created attachment 289406 [details]
the patch

Comment 2 Filip Pizlo 2016-09-20 15:59:47 PDT

Landed in http://trac.webkit.org/changeset/206183