[Webkit-unassigned] [Bug 12535] Stack-optimizing compilers can trick GC into freeing in-use objects

bugzilla-daemon at webkit.org
Thu Feb 1 15:23:29 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=12535


ggaren at apple.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|kjs garbage collector frees |Stack-optimizing compilers
                   |in-use object               |can trick GC into freeing
                   |                            |in-use objects
------- Comment #5 from ggaren at apple.com  2007-02-01 15:23 PDT -------
(In reply to comment #3)

I don't think pointers in the (non-GC) heap are a consideration. You already
have to protect them explicitly.

Honoring pointers to object bodies as pointers to the objects themselves seems
like it would solve the problem. I worry that it might increase marking
overhead substantially because we would start honoring more 'fake' pointers.

Another solution would be for objects to create an explicit, volatile stack
reference to 'this' before handing off pointers to their internals. Yet another
solution (in this particular case) would be to store a temporary UString on the
stack, and pass that UString by reference.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
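The failure mode discussed in this bug, and the trade-off between the proposed fixes, can be shown with a small simulation. The following is an added example, not WebKit or KJS code: it models a conservative stack scan over a toy heap of fixed-size cells, with a hypothetical `ToyHeap` and `ToyObject` standing in for the collector's cell blocks and for an object that hands out a pointer to its internals. The simulated "stack" is a constructed vector of words. `scanWithInteriorPointerOnly` reproduces the optimized-away `this` case and compares an exact-start scan with one that honors interior pointers; `survivesWithVolatileAnchor` models the explicit volatile stack reference; `cellsRetainedByJunkWord` shows the marking cost of honoring 'fake' interior pointers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed toy heap of fixed-size cells, standing in for the collector's
// cell blocks. Each cell is either allocated or free and carries a mark bit.
constexpr std::size_t kCellSize = 64;
constexpr std::size_t kNumCells = 8;

struct ToyHeap {
    alignas(16) unsigned char cells[kNumCells * kCellSize];
    bool allocated[kNumCells] = {};
    bool marked[kNumCells] = {};

    void* allocate(std::size_t index) {
        allocated[index] = true;
        return cells + index * kCellSize;
    }

    // Map a candidate stack word to a cell index, or -1 if it does not refer
    // to an allocated cell. With interior == false only a pointer to the first
    // byte of a cell counts; with interior == true any address inside the cell
    // body is honored as a reference to that cell.
    int cellFor(std::uintptr_t word, bool interior) const {
        std::uintptr_t base = reinterpret_cast<std::uintptr_t>(cells);
        if (word < base || word >= base + sizeof(cells)) return -1;
        std::uintptr_t offset = word - base;
        if (!interior && offset % kCellSize != 0) return -1;
        int index = static_cast<int>(offset / kCellSize);
        return allocated[index] ? index : -1;
    }

    // Conservative scan: every word of the simulated stack is treated as a
    // potential pointer. Returns the number of cells marked.
    int conservativeScan(const std::vector<std::uintptr_t>& stackWords, bool interior) {
        std::memset(marked, 0, sizeof(marked));
        int count = 0;
        for (std::uintptr_t w : stackWords) {
            int i = cellFor(w, interior);
            if (i >= 0 && !marked[i]) { marked[i] = true; ++count; }
        }
        return count;
    }
};

// Hypothetical object: a header word followed by a payload the object hands
// out by pointer, like a string handing out a pointer to its internal buffer.
struct ToyObject {
    std::uintptr_t header;
    char payload[32];
};

struct ScanOutcome {
    bool survivesExactStartScan;
    bool survivesInteriorScan;
};

// The situation in the bug: after optimization the stack holds only a pointer
// into the object's body; the pointer to the object itself is gone.
ScanOutcome scanWithInteriorPointerOnly() {
    ToyHeap heap;
    ToyObject* obj = static_cast<ToyObject*>(heap.allocate(2));
    std::vector<std::uintptr_t> stack = {
        0x1234,                                          // constructed junk word
        reinterpret_cast<std::uintptr_t>(obj->payload),  // interior pointer only
    };
    ScanOutcome out;
    heap.conservativeScan(stack, /*interior=*/false);
    out.survivesExactStartScan = heap.marked[2];
    heap.conservativeScan(stack, /*interior=*/true);
    out.survivesInteriorScan = heap.marked[2];
    return out;
}

// Second fix from the comment: the object keeps an explicit volatile stack
// reference to itself before handing out a pointer to its internals.
bool survivesWithVolatileAnchor() {
    ToyHeap heap;
    ToyObject* obj = static_cast<ToyObject*>(heap.allocate(2));
    ToyObject* volatile keepAlive = obj;  // volatile forces a real stack slot
    std::vector<std::uintptr_t> stack = {
        reinterpret_cast<std::uintptr_t>(keepAlive),
        reinterpret_cast<std::uintptr_t>(obj->payload),
    };
    heap.conservativeScan(stack, /*interior=*/false);
    return heap.marked[2];
}

// The cost the comment worries about: a junk word that merely lands inside an
// allocated cell retains that cell under an interior-pointer scan.
int cellsRetainedByJunkWord(bool interior) {
    ToyHeap heap;
    heap.allocate(5);
    std::uintptr_t junk = reinterpret_cast<std::uintptr_t>(heap.cells) + 5 * kCellSize + 17;
    std::vector<std::uintptr_t> stack = { junk };
    return heap.conservativeScan(stack, interior);
}
```

In the exact-start scan the object in cell 2 is not marked when only the payload pointer survives on the stack, which is the premature free described in the bug; honoring interior pointers marks it, but the same rule also retains cell 5 for a word that is nothing more than a number falling inside it. The volatile anchor keeps the object alive under the cheaper exact-start scan, at the cost of each such site having to remember to add it.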