[webkit-reviews] review granted: [Bug 203231] Clients of JSArray::tryCreateUninitializedRestricted() should invoke the mutatorFence(). : [Attachment 381513] proposed patch.
bugzilla-daemon at webkit.org
Tue Oct 22 12:03:48 PDT 2019
Saam Barati <sbarati at apple.com> has granted Mark Lam <mark.lam at apple.com>'s
request for review:
Bug 203231: Clients of JSArray::tryCreateUninitializedRestricted() should
invoke the mutatorFence().
https://bugs.webkit.org/show_bug.cgi?id=203231
Attachment 381513: proposed patch.
https://bugs.webkit.org/attachment.cgi?id=381513&action=review
--- Comment #4 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 381513
--> https://bugs.webkit.org/attachment.cgi?id=381513
proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=381513&action=review
> Source/JavaScriptCore/ChangeLog:18
> + That said, there's no guarantee that we won't reach a GC safe point
with the
> + newly created array is on the stack before it gets put into an owner
object
> + (or GC root).
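Review bot: The ChangeLog sentence at Source/JavaScriptCore/ChangeLog:18 does not parse, because "with the newly created array is on the stack" has a stray "is". Suggest "while the newly created array is on the stack, before it gets put into an owner object (or GC root)". The quoted lines state the condition (reaching a GC safe point) but not its consequence, so the following sentence should say what the missing fence would allow to go wrong there.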
How does a safe point not do the required fencing?
I think this is necessary because when we store the array into another object.
But I don't think it's necessary for this reason.