[webkit-dev] DefaultMarkViolation assertion failure

[Darin Adler]

On Jul 2, 2010, at 7:24 AM, Dan.Podwall at nokia.com wrote:

> Can anyone provide some background on the MarkStack::m_isCheckingForDefaultMarkViolation member and what it means when asserts on it fail?

There’s a flag in the structure that indicates whether a particular type of JSCell needs to have a virtual markChildren function called. The flag is named overridesMarkChildren.

This assertion is an indirect way to check and see if that flag is set correctly. If the flag is false, yet somehow markChildren ends up marking something, then the flag needs to be set to true, to cause MarkStack::markChildren take its slow path.

It appears that QtRuntimeObjectImp has a markChildren function, but does not arrange for the overridesMarkChildren bit to be set in the structure object that’s created.

In non-debug builds, the symptom of this can be quite serious. Objects will be garbage collected even though references to those objects still exist.

    -- Darin