194082 – [JSC] Symbol should be in destructibleCellSpace

RESOLVED FIXED 194082

[JSC] Symbol should be in destructibleCellSpace

https://bugs.webkit.org/show_bug.cgi?id=194082

Summary [JSC] Symbol should be in destructibleCellSpace

Yusuke Suzuki

Reported 2019-01-30 23:14:01 PST

[JSC] Symbol should poison its member and make it destructible again

Attachments
Patch (14.53 KB, patch) 2019-01-30 23:22 PST, Yusuke Suzuki	saam: review+	Details Formatted Diff Diff
Patch (1.28 KB, patch) 2019-01-30 23:37 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (1.68 KB, patch) 2019-01-30 23:38 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2019-01-30 23:22:27 PST

Created attachment 360694 [details] Patch

Saam Barati

Comment 2 2019-01-30 23:26:44 PST

Comment on attachment 360694 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360694&action=review > Source/JavaScriptCore/runtime/Symbol.h:76 > + PoisonedRef<SymbolPoison, SymbolImpl> m_symbolImpl; Please revert the poisoning part of this change including the JIT portion. We turned off poisoning. We should really strip it entirely from the code base.

Yusuke Suzuki

Comment 3 2019-01-30 23:32:52 PST

Comment on attachment 360694 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360694&action=review >> Source/JavaScriptCore/runtime/Symbol.h:76 >> + PoisonedRef<SymbolPoison, SymbolImpl> m_symbolImpl; > > Please revert the poisoning part of this change including the JIT portion. We turned off poisoning. We should really strip it entirely from the code base. Should we remove cellJSValueOOBSpace too? (in a subsequent patch)

Saam Barati

Comment 4 2019-01-30 23:35:37 PST

(In reply to Yusuke Suzuki from comment #3) > Comment on attachment 360694 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=360694&action=review > > >> Source/JavaScriptCore/runtime/Symbol.h:76 > >> + PoisonedRef<SymbolPoison, SymbolImpl> m_symbolImpl; > > > > Please revert the poisoning part of this change including the JIT portion. We turned off poisoning. We should really strip it entirely from the code base. > > Should we remove cellJSValueOOBSpace too? (in a subsequent patch) Yeah probably.

Yusuke Suzuki

Comment 5 2019-01-30 23:37:29 PST

Created attachment 360695 [details] Patch

Yusuke Suzuki

Comment 6 2019-01-30 23:38:45 PST

Created attachment 360696 [details] Patch

Yusuke Suzuki

Comment 7 2019-01-30 23:42:46 PST

Committed r240766: <https://trac.webkit.org/changeset/240766>

Radar WebKit Bug Importer

Comment 8 2019-01-30 23:43:38 PST

<rdar://problem/47695087>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Yusuke Suzuki

Reported

2019-01-30 23:14 PST

Modified

2019-01-30 23:43 PST History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks