[Webkit-unassigned] [Bug 12535] Stack-optimizing compilers can trick GC into freeing in-use objects

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 1 18:07:29 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=12535





------- Comment #9 from huanr at yahoo.com  2007-02-01 18:07 PDT -------
(In reply to comment #4)
> (In reply to comment #2)
> 
> Anrong, did you mean to say that the compiler may discard the reference to
> 'baseObj' or to 'baseVal'? Your reasoning points to 'baseVal', not 'baseObj'.
> Would this bug persist if toObject() made use of 'this', prohibiting the
> compiler from optimizing out baseVal?
> 
> I don't think 'Collector::protect(baseVal);' is a very good solution. It's
> inefficient, and it doesn't seem to address the root cause of the problem,
> which may affect lots of different parts of the code.
> 

Geoffrey, 

I meant baseVal. The bug goes away if toObject() made use of 'this', thus
effectively locking baseVal.
Collector::protect(baseVal) fixes this code path. If this is a common pattern,
then other solutions being discussed here may be better if they have no global
impact.
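The hazard discussed in this thread, as an added illustration that is not WebKit code: a toy mark/sweep collector roots objects from a caller-supplied "stack snapshot" (standing in for what a conservative stack scan finds) plus an explicit protect() set modelled on the Collector::protect() idea. The names ToyCollector, Cell and baseValSurvives are assumptions for the example.

```cpp
#include <set>
#include <vector>

// A heap cell; 'freed' is set instead of deleting, so the demo can inspect it safely.
struct Cell { bool marked = false; bool freed = false; };

class ToyCollector {
public:
    Cell* allocate() { Cell* c = new Cell; heap_.push_back(c); return c; }
    // Explicit root, in the spirit of Collector::protect(); balanced by unprotect().
    void protect(Cell* c) { protected_.insert(c); }
    void unprotect(Cell* c) { protected_.erase(c); }
    // 'stack' is the set of slots a conservative scan would see as live.
    void collect(const std::vector<Cell*>& stack) {
        for (Cell* c : heap_) c->marked = false;
        for (Cell* c : stack) if (c) c->marked = true;       // conservative roots
        for (Cell* c : protected_) c->marked = true;          // explicit roots
        for (Cell* c : heap_) if (!c->marked) c->freed = true; // sweep
    }
    ~ToyCollector() { for (Cell* c : heap_) delete c; }
private:
    std::vector<Cell*> heap_;
    std::set<Cell*> protected_;
};

// Models the bug: baseVal is converted to baseObj; after that the optimizer may
// stop keeping baseVal in any stack slot, so a collection triggered while the
// code still depends on baseVal no longer finds it. Returns true if it survived.
bool baseValSurvives(bool useProtect) {
    ToyCollector gc;
    Cell* baseVal = gc.allocate();
    Cell* baseObj = gc.allocate();  // stands in for baseVal->toObject()
    if (useProtect) gc.protect(baseVal);
    // Only baseObj is still visible on the simulated stack (constructed scenario).
    gc.collect({ baseObj });
    bool alive = !baseVal->freed;
    if (useProtect) gc.unprotect(baseVal);
    return alive;
}
```

Without the explicit root the collector reclaims baseVal even though the caller still needs it; with protect() it survives, which is the trade-off the thread weighs against the cost of protecting on every such code path.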

