RESOLVED FIXED 181655
Replace isFreeListedCell with some machinery to determine if a cell is dead-but-not-destructed 
https://bugs.webkit.org/show_bug.cgi?id=181655
Summary Replace isFreeListedCell with some machinery to determine if a cell is dead-b...
Filip Pizlo
Reported 2018-01-15 12:11:29 PST
Due to https://bugs.webkit.org/show_bug.cgi?id=172548, we now have a variety of watchpoints (and any event handler that deregisters during destruction) check if their owner object is still live if they are fired. This protects the case where the owner is dead-but-not-destructed. This "is live" query requires sometimes dealing with free-listed blocks, since an object might as "am I live" due to some watchpoint while the block that it was allocated out of is still in the free-listed state. That's annoying, since that means walking the free-lists of active blocks. But notice that a block that is free-listed cannot have any dead-but-not-destructed objects in it. Therefore, we should simplify our solution to bug 172548 to use a HeapCell::isDeadButNotDestructed(), which can automatically return false if the owning block is free-listed.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2024-09-13 10:17:06 PDT
<rdar://problem/135961786>
Dan Hecht
Comment 2 2024-09-16 09:35:56 PDT
Pull request: https://github.com/WebKit/WebKit/pull/33700
EWS
Comment 3 2024-09-17 09:04:40 PDT
Committed 283772@main (5ae437da2c04): <https://commits.webkit.org/283772@main> Reviewed commits have been landed. Closing PR #33700 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.