216717 – [JSC] PreciseAllocation's isNewlyAllocated flag should be propagated from isMarked at GC begin phase to make isLive correct

RESOLVED FIXED 216717

[JSC] PreciseAllocation's isNewlyAllocated flag should be propagated from isMarked at GC begin phase to make isLive correct

https://bugs.webkit.org/show_bug.cgi?id=216717

Summary [JSC] PreciseAllocation's isNewlyAllocated flag should be propagated from isM...

Yusuke Suzuki

Reported 2020-09-18 15:04:32 PDT

[JSC] PreciseAllocation's isNewlyAllocated flag should be propagated from isMarked at GC begin phase to make isLive correct

Attachments
Patch (3.61 KB, patch) 2020-09-18 15:13 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (4.05 KB, patch) 2020-09-18 15:25 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (4.05 KB, patch) 2020-09-18 16:32 PDT, Yusuke Suzuki	mark.lam: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2020-09-18 15:13:43 PDT

Created attachment 409173 [details] Patch

Yusuke Suzuki

Comment 2 2020-09-18 15:25:08 PDT

Created attachment 409175 [details] Patch

Radar WebKit Bug Importer

Comment 3 2020-09-18 15:50:02 PDT

<rdar://problem/69179885>

Mark Lam

Comment 4 2020-09-18 16:26:38 PDT

Comment on attachment 409175 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409175&action=review Nice. Looks good so far but I still need to check this against the MarkedBlock code. Here are some typos while I continue reviewing. > Source/JavaScriptCore/ChangeLog:9 > + However, this means that HeapCell::isLive will see this object dead until it is marked. /object dead/object as dead/ > Source/JavaScriptCore/heap/PreciseAllocation.cpp:218 > + // We do not need to care about concurrency here since marking thread is stopped right now. This is followin to the logic /followin/equivalent/

Yusuke Suzuki

Comment 5 2020-09-18 16:31:18 PDT

Comment on attachment 409175 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409175&action=review >> Source/JavaScriptCore/ChangeLog:9 >> + However, this means that HeapCell::isLive will see this object dead until it is marked. > > /object dead/object as dead/ Fixed. >> Source/JavaScriptCore/heap/PreciseAllocation.cpp:218 >> + // We do not need to care about concurrency here since marking thread is stopped right now. This is followin to the logic > > /followin/equivalent/ Fixed.

Yusuke Suzuki

Comment 6 2020-09-18 16:32:30 PDT

Created attachment 409178 [details] Patch

Mark Lam

Comment 7 2020-09-18 17:36:35 PDT

Comment on attachment 409178 [details] Patch r=me. Nice fix, and nice comments documenting the reasoning behind all this.

Yusuke Suzuki

Comment 8 2020-09-18 18:22:49 PDT

Committed r267304: <https://trac.webkit.org/changeset/267304>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Yusuke Suzuki

Reported

2020-09-18 15:04 PDT

Modified

2020-09-18 18:22 PDT History

CC List

7 users Show

URL

Keywords InRadar

Depends on

Blocks