[Webkit-unassigned] [Bug 72346] New: Weak reference harvesters should run to fixpoint
bugzilla-daemon at webkit.org
Mon Nov 14 19:27:12 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=72346
Summary: Weak reference harvesters should run to fixpoint
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
Blocks: 72312
The weak reference harvester infrastructure is intended for use with inline caches and DFG optimized code that makes weak references to objects in the JavaScript heap. But there is a special case that requires special treatment: a put_by_id transition refers to two structures, previous and next, and has the semantics of installing the 'next' structure if the previous structure was 'previous'. Consider a sequence of put_by_id transitions as follows:
put_by_id empty -> a
put_by_id a -> b
put_by_id b -> c
It may be that this is the only code that refers to structures a and b. 'empty' refers to the global empty structure. Hence, a and b are almost certainly dead during any GC, while empty and c are alive. What we want the weak reference harvester to do is keep a alive so long as empty is alive, and then keep b alive so long as a is alive. The best way to do this is to allow weak reference harvesters to mark objects, and to run them to fix point.
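The chain from the report, worked through as an added example (not part of the original bug report and not JavaScriptCore code). It is a toy model with structures named by strings and hypothetical helper names, comparing a single harvester pass with running the harvesters to fixpoint when ordinary marking has found only 'empty' and 'c'.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Constructed model: a put_by_id transition cache holding weak references to
// two structures, identified here by name (not JavaScriptCore's real types).
struct Transition { std::string previous, next; };

// One harvester pass: if a cache's 'previous' structure is marked, mark its
// 'next' structure too. Returns true when the pass marked something new.
static bool harvestOnce(const std::vector<Transition>& caches,
                        std::set<std::string>& marked) {
    bool changed = false;
    for (const Transition& t : caches)
        if (marked.count(t.previous) && marked.insert(t.next).second)
            changed = true;
    return changed;
}

// Runs the harvesters once (fixpoint == false) or until a pass marks nothing
// new (fixpoint == true). Returns the number of passes that were run.
static int runHarvesters(const std::vector<Transition>& caches,
                         std::set<std::string>& marked, bool fixpoint) {
    int passes = 0;
    bool changed;
    do {
        changed = harvestOnce(caches, marked);
        ++passes;
    } while (fixpoint && changed);
    return passes;
}

// The chain from the report, visited in an order where one pass falls short.
static std::vector<Transition> reportChain() {
    return {{"b", "c"}, {"a", "b"}, {"empty", "a"}};
}

// Structures alive after harvesting when marking found only 'empty' and 'c'.
static std::set<std::string> liveAfter(bool fixpoint) {
    std::set<std::string> marked = {"empty", "c"};
    runHarvesters(reportChain(), marked, fixpoint);
    return marked;
}

int main() {
    for (bool fixpoint : {false, true}) {
        std::cout << (fixpoint ? "fixpoint:" : "one pass:");
        for (const std::string& s : liveAfter(fixpoint)) std::cout << ' ' << s;
        std::cout << '\n';
    }
}
```

With one pass, 'a' is marked but 'b' is not, so the a -> b cache would still refer to a structure about to be collected; the fixpoint run keeps the whole chain alive.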