Bug 265721 - [Wasm-GC] Typedef unrolling cache should hold values strongly
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebAssembly
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks: 247394
Reported: 2023-12-02 10:30 PST by Asumu Takikawa
Modified: 2023-12-13 19:14 PST

Description Asumu Takikawa 2023-12-02 10:30:18 PST
There is a cache used for unrolling rec/sub types, to avoid re-computing this constantly. The cache holds keys weakly (when the key is collected, it should be explicitly removed from the cache map) but it should hold values strongly to avoid deallocation. Right now the values are also held weakly.

Changing this to use a `RefPtr` instead fixes some crashes related to this. It's been difficult to construct an example to reproduce the issue, but it comes up in real programs.
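
The lifetime rule described in this report, as an added C++ example that is not WebKit's code: `std::weak_ptr` and `std::shared_ptr` stand in for weakly and strongly held values (`RefPtr` in the actual fix), and `TypeDef`, `unroll` and `UnrollCache` are hypothetical names. It shows that a weakly held value is gone once the caller releases its reference, while a strongly held one lasts until the key's entry is removed.

```cpp
#include <memory>
#include <string>
#include <unordered_map>

// Stand-in for a Wasm type definition (assumption, not WebKit's class).
struct TypeDef { std::string name; };

// Hypothetical unrolling step: builds a new object derived from the key.
static std::shared_ptr<TypeDef> unroll(const TypeDef& t) {
    return std::make_shared<TypeDef>(TypeDef{"unrolled(" + t.name + ")"});
}

// Cache keyed by the address of the original type (a weak key). Ref is how
// the value is held: std::weak_ptr = weakly, std::shared_ptr = strongly.
template <typename Ref>
class UnrollCache {
public:
    // Returns the unrolled type, computing and caching it on a miss.
    std::shared_ptr<TypeDef> getOrUnroll(const TypeDef& key) {
        auto it = m_map.find(&key);
        if (it != m_map.end())
            if (auto hit = lock(it->second)) return hit;
        auto value = unroll(key);
        m_map[&key] = value;
        return value;
    }
    // True if the entry exists and its value is still allocated.
    bool entryAlive(const TypeDef& key) const {
        auto it = m_map.find(&key);
        return it != m_map.end() && lock(it->second) != nullptr;
    }
    // Weak key: the key's owner removes the entry explicitly when the key dies.
    void keyDestroyed(const TypeDef& key) { m_map.erase(&key); }
private:
    static std::shared_ptr<TypeDef> lock(const std::weak_ptr<TypeDef>& r) { return r.lock(); }
    static std::shared_ptr<TypeDef> lock(const std::shared_ptr<TypeDef>& r) { return r; }
    std::unordered_map<const TypeDef*, Ref> m_map;
};

// The caller unrolls, then drops its reference; does the cached value survive?
template <typename Ref>
bool valueSurvivesCallerRelease() {
    TypeDef key{"rec0"};  // constructed sample key
    UnrollCache<Ref> cache;
    { auto tmp = cache.getOrUnroll(key); }  // caller's only reference ends here
    return cache.entryAlive(key);
}

int main() { return valueSurvivesCallerRelease<std::shared_ptr<TypeDef>>() ? 0 : 1; }
```

With `std::weak_ptr` the lost value is observable as an expired handle; a weak reference that is used without such a check is where a crash would come from.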
Comment 1 Radar WebKit Bug Importer 2023-12-09 10:31:13 PST
<rdar://problem/119435998>
Comment 2 Asumu Takikawa 2023-12-13 09:32:30 PST
Pull request: https://github.com/WebKit/WebKit/pull/21739
Comment 3 EWS 2023-12-13 19:14:56 PST
Committed 272016@main (456ffae07aa8): <https://commits.webkit.org/272016@main>

Reviewed commits have been landed. Closing PR #21739 and removing active labels.