187157 – IsoCellSet::sweepToFreeList() not safe when Full GC in process

RESOLVED FIXED 187157

IsoCellSet::sweepToFreeList() not safe when Full GC in process

https://bugs.webkit.org/show_bug.cgi?id=187157

Summary IsoCellSet::sweepToFreeList() not safe when Full GC in process

Michael Saboff

Reported 2018-06-28 14:33:06 PDT

If we are in the process of a full GC and we call into IsoCellSet::sweepToFreeList(), the IsoCellSet's bits may be improperly cleared due to incomplete stale marks logic. The stale marks logic needs to match what is in MarkedBlock::Handle::specializedSweep where it takes into account whether or not we are in the process of marking during a full GC.

Attachments
Patch (2.95 KB, patch) 2018-06-28 15:52 PDT, Michael Saboff	mark.lam: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Michael Saboff

Comment 1 2018-06-28 14:33:27 PDT

<rdar://problem/41400293>

Michael Saboff

Comment 2 2018-06-28 15:52:45 PDT

Created attachment 343866 [details] Patch

Mark Lam

Comment 3 2018-06-28 16:00:14 PDT

Comment on attachment 343866 [details] Patch r=me

Michael Saboff

Comment 4 2018-06-28 20:27:30 PDT

Committed r233346: <https://trac.webkit.org/changeset/233346>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Michael Saboff

Reported

2018-06-28 14:33 PDT

Modified

2018-06-28 20:27 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks