Bug 167193 - RESOLVED FIXED
JSSegmentedVariableObject and its subclasses should have a sane destruction story
https://bugs.webkit.org/show_bug.cgi?id=167193
Filip Pizlo
Reported 2017-01-18 20:21:42 PST
Right now, JSSegmentedVariableObjects' subclasses install finalizers that call destroy. They do this in random ways, which sometimes result in JSSegmentedVariableObject::~JSSegmentedVariableObject executing more than once (which works because of the way that ~SegmentedVector is written). Maybe this works now, but it's a disaster waiting to happen. Fortunately we can now just give those things their own Subspace and teach it its own protocol of destruction.
Attachments
the patch (45.87 KB, patch)
2017-01-18 20:43 PST, Filip Pizlo
no flags
the patch (45.86 KB, patch)
2017-01-18 20:52 PST, Filip Pizlo
saam: review+
Filip Pizlo
Comment 1 2017-01-18 20:43:24 PST
Created attachment 299227 [details] the patch
WebKit Commit Bot
Comment 2 2017-01-18 20:44:29 PST
Attachment 299227 [details] did not pass style-queue:

ERROR: Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h:104: The parameter name "vm" adds no information, so it should be removed. [readability/parameter_name] [5]
ERROR: Source/JavaScriptCore/runtime/JSSegmentedVariableObjectSubspace.cpp:29: Alphabetical sorting problem. [build/include_order] [4]
Total errors found: 2 in 16 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 3 2017-01-18 20:52:39 PST
Created attachment 299230 [details] the patch
Filip Pizlo
Comment 4 2017-01-18 21:14:55 PST