RESOLVED FIXED
87581
WebKit should be lazy-finalization-safe (esp. the DOM) v2
https://bugs.webkit.org/show_bug.cgi?id=87581
Geoffrey Garen
Reported
2012-05-26 14:57:20 PDT
Attachments
Patch (41.95 KB, patch), 2012-05-26 15:04 PDT, Geoffrey Garen
oliver: review+
Geoffrey Garen
Comment 1
2012-05-26 15:04:28 PDT
Created attachment 144207: Patch
Oliver Hunt
Comment 2
2012-05-26 15:12:33 PDT
Comment on attachment 144207: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=144207&action=review
r+ assuming you change the !ASSERTION bits to GC validation, and can reasonably answer the static cast questions :D
> Source/JavaScriptCore/API/JSCallbackConstructor.cpp:64 > - jsCast<JSCallbackConstructor*>(cell)->JSCallbackConstructor::~JSCallbackConstructor(); > + static_cast<JSCallbackConstructor*>(cell)->JSCallbackConstructor::~JSCallbackConstructor();
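Review bot: the `+` line at JSCallbackConstructor.cpp:64 swaps jsCast for static_cast with no comment at the call site, so the loss of the type check looks accidental. Add a short comment next to the destructor call saying why the unchecked cast is intended there, so a later cleanup does not turn it back into jsCast.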
Why are you making this change?
> Source/JavaScriptCore/API/JSCallbackObject.cpp:57 > - jsCast<JSCallbackObject*>(cell)->JSCallbackObject::~JSCallbackObject(); > + static_cast<JSCallbackObject*>(cell)->JSCallbackObject::~JSCallbackObject();
ditto
> Source/JavaScriptCore/API/JSCallbackObject.cpp:63 > - JSObjectRef thisRef = toRef(asObject(handle.get())); > + JSObjectRef thisRef = toRef(static_cast<JSObject*>(handle.get().asCell()));
if a static cast is valid, a jsCast should be as well -- why isn't it?
> Source/JavaScriptCore/heap/MarkedBlock.cpp:71 > +#if !ASSERT_DISABLED
Make this conditional on GC validation, not assertions. There are times where it's nice to be able to test stuff in release builds.
> Source/JavaScriptCore/heap/WeakSetInlines.h:53 > +#if !ASSERT_DISABLED > + weakImpl->jsValue().asCell()->clearStructure();
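Review bot: the clearStructure() call at WeakSetInlines.h:53 writes to the cell reached through weakImpl->jsValue().asCell() and sits under #if !ASSERT_DISABLED without any comment. State in a comment what guarantees the cell is dead at this point and that the write is a deliberate debug-build scribble; as it stands it reads like a mutation of a possibly live object that only happens in some build configurations.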
GC validation rather than assertion based... can you have multiple weak handles to a single object? might this break everything?
Geoffrey Garen
Comment 3
2012-05-26 15:36:17 PDT
> > Source/JavaScriptCore/API/JSCallbackConstructor.cpp:64 > > - jsCast<JSCallbackConstructor*>(cell)->JSCallbackConstructor::~JSCallbackConstructor(); > > + static_cast<JSCallbackConstructor*>(cell)->JSCallbackConstructor::~JSCallbackConstructor(); > > Why are you making this change?
jsCast does Structure-based validation, and our Structure is not guaranteed to be alive when we get finalized. In particular, if our Structure has been recycled, the jsCast will probably ASSERT, and if our Structure has been unmapped from memory, the jsCast will segfault. static_cast allows us to access our object just enough to deref / free its C++ pointers. Perhaps we can clarify this interface in the future.
> > Source/JavaScriptCore/heap/MarkedBlock.cpp:71 > > +#if !ASSERT_DISABLED > > Make this conditional on GC validation, not assertions.
Added || ENABLE(GC_VALIDATION)
> can you have multiple weak handles to a single object? might this break everything?
Yes, you can. No, it doesn't break anything. If one handle is dead, they're all dead, so scribbling this structure is correct for them all.
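A toy model of the finalization-order hazard explained in Comment 3, added here as an illustration; it is not WebKit code and not part of the patch. All names (`Cell`, `checkedCast`, `refsLeftAfterSweep`) are hypothetical, and a dead Structure is modelled by nulling a field instead of freeing memory so the program stays well-defined.

```cpp
#include <cstdio>
// Toy model; every name here is hypothetical, none is JavaScriptCore's.
// Each heap cell points at a Structure describing its type, and the
// Structure is itself a garbage-collected cell.
struct ClassInfo { const char* name; };
static const ClassInfo callbackInfo{"Callback"};

struct Structure;
struct Cell { Structure* structure = nullptr; };
struct Structure : Cell { const ClassInfo* info = nullptr; };
struct Callback : Cell { int* nativeRefs = nullptr; };  // C++ state to release

// Validating cast in the spirit of jsCast: it has to read the Structure.
// A dead Structure is modelled by a nulled field so the demo stays defined;
// in a real heap that memory may have been recycled or unmapped.
template <class T> T* checkedCast(Cell* c, const ClassInfo* want) {
    if (!c->structure || c->structure->info != want) return nullptr;
    return static_cast<T*>(c);
}
void finalizeStructure(Structure* s) { s->info = nullptr; }

// Finalizer that validates first: depends on the Structure outliving us.
bool destroyChecked(Cell* c) {
    Callback* cb = checkedCast<Callback>(c, &callbackInfo);
    if (!cb) return false;  // validation failed, resource not released
    --*cb->nativeRefs;
    return true;
}
// Finalizer that touches only the cell's own fields.
bool destroyUnchecked(Cell* c) {
    --*static_cast<Callback*>(c)->nativeRefs;
    return true;
}

// Sweep two dead cells in either order; return the native refs still held.
int refsLeftAfterSweep(bool structureFirst, bool useCheckedCast) {
    int refs = 1;
    Structure s; s.info = &callbackInfo;
    Callback cb; cb.structure = &s; cb.nativeRefs = &refs;
    bool (*destroy)(Cell*) = useCheckedCast ? destroyChecked : destroyUnchecked;
    if (structureFirst) { finalizeStructure(&s); destroy(&cb); }
    else                { destroy(&cb); finalizeStructure(&s); }
    return refs;
}

int main() {
    std::printf("structure first, checked:   %d left\n", refsLeftAfterSweep(true, true));
    std::printf("structure first, unchecked: %d left\n", refsLeftAfterSweep(true, false));
}
```

In the model the validating finalizer merely fails and leaks the reference; Comment 3 describes the real outcomes as an ASSERT or a segfault.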
Geoffrey Garen
Comment 4
2012-05-26 15:40:51 PDT
Committed r118616: <http://trac.webkit.org/changeset/118616>