Bug 200111 - [JSC] Investigate CodeBlock liveness
Summary: [JSC] Investigate CodeBlock liveness
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-24 21:30 PDT by Yusuke Suzuki
Modified: 2019-07-25 16:25 PDT
Description Yusuke Suzuki 2019-07-24 21:30:03 PDT
My guess is that CodeBlock has some problem.
Comment 1 Yusuke Suzuki 2019-07-24 21:31:58 PDT
CodeBlockSet contains CodeBlocks, but a CodeBlock is removed when its destructor is called.
Is this the correct mechanism? I'm thinking that it is wrong with incremental sweeping and conservative scan.
Comment 2 Yusuke Suzuki 2019-07-25 16:25:34 PDT
I think the conservative-scan & CodeBlockSet combination is OK, but I still think CodeBlockSet is potentially dangerous.
A CodeBlock is registered to that set when it is created, and it is removed when the CodeBlock::~CodeBlock destructor is called. This means that a CodeBlock is still included when it is already dead but its destructor has not been called yet (not swept yet).
If a client of CodeBlockSet does not account for the possibility that the CodeBlock it touches is now dead, it will have a bad time.

The safer way is removing dead CodeBlocks when GC finalizing happens.
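A toy model of the lifetime gap described in Comment 2, added here as an illustration; it is not WebKit's CodeBlockSet or Heap code. The class names `ToyHeap`, the `finalizeMarking()` hook, `countDeadEntries()` and the three scenario functions are made up for this example. It runs a mark phase and a sweep phase as separate steps, so the window between them (where incremental sweeping would leave blocks dead but not yet destroyed) can be inspected: with destructor-only removal a client walking the set still reaches the dead blocks, while pruning the set when marking finalizes leaves none.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <memory>
#include <unordered_set>
#include <vector>

// Toy model (constructed for illustration; not WebKit's CodeBlockSet or Heap).
class CodeBlockSet;

struct CodeBlock {
    explicit CodeBlock(CodeBlockSet& set);
    ~CodeBlock();
    CodeBlockSet& m_set;
    bool m_marked = false; // set by the mark phase; false means "dead, awaiting sweep"
};

// Registry of every CodeBlock. In the modelled design, entries are only
// dropped by ~CodeBlock, so a dead-but-unswept block is still visible here.
class CodeBlockSet {
public:
    void add(CodeBlock* block) { m_blocks.insert(block); }
    void remove(CodeBlock* block) { m_blocks.erase(block); }
    const std::unordered_set<CodeBlock*>& blocks() const { return m_blocks; }
private:
    std::unordered_set<CodeBlock*> m_blocks;
};

CodeBlock::CodeBlock(CodeBlockSet& set) : m_set(set) { m_set.add(this); }
CodeBlock::~CodeBlock() { m_set.remove(this); }

// Hypothetical heap that runs marking and sweeping as separate steps, so the
// window between them (incremental sweeping) can be inspected.
class ToyHeap {
public:
    explicit ToyHeap(CodeBlockSet& set) : m_set(set) {}

    CodeBlock* allocate() {
        m_blocks.push_back(std::make_unique<CodeBlock>(m_set));
        return m_blocks.back().get();
    }

    // Mark phase: only the roots survive; everything else is now dead.
    void mark(const std::vector<CodeBlock*>& roots) {
        for (auto& block : m_blocks) block->m_marked = false;
        for (CodeBlock* root : roots) root->m_marked = true;
    }

    // The "safer way" from Comment 2: prune dead blocks from the set when
    // marking finishes, instead of waiting for their destructors.
    void finalizeMarking() {
        for (auto& block : m_blocks)
            if (!block->m_marked) m_set.remove(block.get());
    }

    // Sweep phase: destroy unmarked blocks; ~CodeBlock unregisters them.
    void sweep() {
        m_blocks.erase(
            std::remove_if(m_blocks.begin(), m_blocks.end(),
                           [](const std::unique_ptr<CodeBlock>& b) { return !b->m_marked; }),
            m_blocks.end());
    }

private:
    CodeBlockSet& m_set;
    std::vector<std::unique_ptr<CodeBlock>> m_blocks;
};

// A client walking the set: how many entries point at dead CodeBlocks?
static std::size_t countDeadEntries(const CodeBlockSet& set) {
    std::size_t dead = 0;
    for (CodeBlock* block : set.blocks())
        if (!block->m_marked) ++dead;
    return dead;
}

// Builds one live block and two unreachable ones, then runs a mark.
static void setUp(ToyHeap& heap) {
    CodeBlock* live = heap.allocate();
    heap.allocate();
    heap.allocate();
    heap.mark({live});
}

// Destructor-only removal: after marking but before the sweep runs, a client
// still finds the two dead blocks in the set.
std::size_t deadEntriesBeforeSweep() {
    CodeBlockSet set;
    ToyHeap heap(set); // declared after `set`, so it is destroyed first
    setUp(heap);
    return countDeadEntries(set); // 2
}

// Finalization-time removal: the same client sees no dead entries.
std::size_t deadEntriesAfterFinalize() {
    CodeBlockSet set;
    ToyHeap heap(set);
    setUp(heap);
    heap.finalizeMarking();
    return countDeadEntries(set); // 0
}

// Either way the sweep leaves only the live block registered.
std::size_t entriesAfterSweep() {
    CodeBlockSet set;
    ToyHeap heap(set);
    setUp(heap);
    heap.sweep();
    return set.blocks().size(); // 1
}

int main() {
    std::cout << "dead entries before sweep:   " << deadEntriesBeforeSweep() << "\n"
              << "dead entries after finalize: " << deadEntriesAfterFinalize() << "\n"
              << "entries after sweep:         " << entriesAfterSweep() << "\n";
    return 0;
}
```

The point of the model is the value returned by `deadEntriesBeforeSweep()`: any client that iterates the set in that window and dereferences what it finds is touching objects the collector has already declared dead. Pruning at finalization closes the window without changing what the destructor does.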