[webkit-reviews] review requested: [Bug 53716] JSC::Bindings m_rootObject->isValid() assert fails when running layout tests : [Attachment 81683] Patch to change failing ASSERT to conditionally remove RuntimeObject
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 8 13:34:59 PST 2011
Michael Saboff <msaboff at apple.com> has asked for review:
Bug 53716: JSC::Bindings m_rootObject->isValid() assert fails when running
layout tests
https://bugs.webkit.org/show_bug.cgi?id=53716
Attachment 81683: Patch to change failing ASSERT to conditionally remove
RuntimeObject
https://bugs.webkit.org/attachment.cgi?id=81683&action=review
------- Additional Comments from Michael Saboff <msaboff at apple.com>
There is a race where a RuntimeObject has been marked for garbage collection
but not reclaimed. When RootObject::invalidate() is called for a RootObject
containing a GC'ed RuntimeObject, the invalidate call for the RuntimeObject
will not be called (due to the m_runtimeObject.isValid(it) check). The
m_runtimeObjects WeakGCMap will be cleared and the m_valid flag will be
cleared. Later, when the RuntimeObject's dtor is called, it will clean up the
related Instance object which was leading to the ASSERTion failure.
The code has been changed to make the removal of the runtime object conditional
on m_rootObject being valid. If it isn't valid, the RuntimeObject has already
been removed.
More information about the webkit-reviews
mailing list