Bug 180634 - Harden a few assertions in GC sweep
Summary: Harden a few assertions in GC sweep
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: All All
: P2 Normal
Assignee: Filip Pizlo
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-12-10 09:19 PST by Filip Pizlo
Modified: 2017-12-10 17:11 PST (History)
6 users (show)

See Also:


Attachments
the patch (1.46 KB, patch)
2017-12-10 09:21 PST, Filip Pizlo
sbarati: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Pizlo 2017-12-10 09:19:58 PST
Patch forthcoming.
Comment 1 Filip Pizlo 2017-12-10 09:21:27 PST
Created attachment 328937 [details]
the patch
Comment 2 Saam Barati 2017-12-10 16:33:50 PST
Comment on attachment 328937 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=328937&action=review

> Source/JavaScriptCore/heap/MarkedBlock.cpp:405
> +    RELEASE_ASSERT(!m_isFreeListed);

The old branch was never taken?
Comment 3 Filip Pizlo 2017-12-10 17:09:43 PST
(In reply to Saam Barati from comment #2)
> Comment on attachment 328937 [details]
> the patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=328937&action=review
> 
> > Source/JavaScriptCore/heap/MarkedBlock.cpp:405
> > +    RELEASE_ASSERT(!m_isFreeListed);
> 
> The old branch was never taken?

Nope.  It doesn't make sense that m_isFreeListed would be true, and if it was, simply returning couldn't possibly be the right thing to do.

My best theory is this: this was landed originally in a patch where I had added that logic to support something else, and then removed that something else, but didn't remove the check.
Comment 4 Filip Pizlo 2017-12-10 17:10:51 PST
Landed in https://trac.webkit.org/changeset/225734/webkit
Comment 5 Radar WebKit Bug Importer 2017-12-10 17:11:24 PST
<rdar://problem/35958652>