200111 – [JSC] Investigate CodeBlock liveness

NEW 200111

[JSC] Investigate CodeBlock liveness

https://bugs.webkit.org/show_bug.cgi?id=200111

Summary [JSC] Investigate CodeBlock liveness

Yusuke Suzuki

Reported 2019-07-24 21:30:03 PDT

My guess is that CodeBlock has some problem.

Attachments
Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2019-07-24 21:31:58 PDT

CodeBlockSet contains CodeBlocks, but it is removed when the destructor is called. Is this correct mechanism? I’m thinking that it is wrong with incremental sweeping and conservative scan.

Yusuke Suzuki

Comment 2 2019-07-25 16:25:34 PDT

I think conservative-scan & CodeBlockSet combination is OK, but still I think CodeBlockSet is potentially dangerous. CodeBlock is registered to that set when it is created, and it is removed when CodeBlock::~CodeBlock destructor is called. This means that CodeBlock is included when CodeBlock is already dead but its destructor is not called (not swept yet). If the client of CodeBlockSet does not account the possibility that touching CodeBlock is now dead, having a bad time. The safer way is removing dead CodeBlocks when GC finalizing happens.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Yusuke Suzuki

Reported

2019-07-24 21:30 PDT

Modified

2019-07-25 16:25 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks