RESOLVED FIXED 209929
HeapSnapshotBuilder::analyzeNode() should filter out duplicate cells. 
https://bugs.webkit.org/show_bug.cgi?id=209929
Summary HeapSnapshotBuilder::analyzeNode() should filter out duplicate cells.
Mark Lam
Reported 2020-04-02 14:18:18 PDT
HeapSnapshot::finalize() assumes that its vector of cells are unique and have no duplicates. HeapSnapshot::appendNode() expects to only be called once for a cell, and hence, will not be adding a duplicate cell. It doesn't check for duplicates. However, with the concurrent GC marker, there’s a racy chance that the same cell is visited more than once by SlotVisitor, and therefore calls HeapSnapshotBuilder::analyzeNode() (and HeapSnapshot::appendNode()) more than once for the same cell. The easiest and cleanest fix for this is to simply keep a HashSet of appended cells in HeapSnapshotBuilder while it is building the snapshot. We can then use the hash set to filter out already appended cells, and avoid adding duplicates to the HeapSnapshot. <rdar://problem/60974478>
Attachments
proposed patch. (3.59 KB, patch)
2020-04-02 14:27 PDT, Mark Lam 		keith_miller: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2020-04-02 14:27:40 PDT
Created attachment 395300 [details] proposed patch.
Keith Miller
Comment 2 2020-04-02 14:45:19 PDT
Comment on attachment 395300 [details] proposed patch. r=me.
Mark Lam
Comment 3 2020-04-02 14:50:06 PDT
Thanks for the review. Landed in r259418: <http://trac.webkit.org/r259418>.
Note You need to log in before you can comment on or make changes to this bug.