[Webkit-unassigned] [Bug 72312] DFG code blocks that have speculation checks on objects should refer to those objects weakly
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Nov 17 08:30:32 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=72312
--- Comment #5 from Oliver Hunt <oliver at apple.com> 2011-11-17 08:30:33 PST ---
(From update of attachment 115538)
View in context: https://bugs.webkit.org/attachment.cgi?id=115538&action=review
> Source/JavaScriptCore/bytecode/CodeBlock.cpp:1685
> + // If some weak references are dead, then this fixpoint iteration was
> + // unsuccessful.
> + if (!allAreLiveSoFar)
> + return;
If we have weak references that are dead, where are we either clearing them, or removing the usage? My reading of this says that we'll end up maintaining references to dead objects, that may subsequently become live again (through new allocations) -- this does not currently happen as all values are forced to be live via the constant tables, but if that were not the case this seems like it would be incorrect. What have I missed?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list