[Webkit-unassigned] [Bug 159537] New: REGRESSION(184445): Need to insert a StoreBarrier when we don't know child's epoch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 7 16:49:31 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=159537

            Bug ID: 159537
           Summary: REGRESSION(184445): Need to insert a StoreBarrier when
                    we don't know child's epoch
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Major
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

In StoreBarrierInsertionPhase::considerBarrier(Edge base, Edge child), there is the following comment and code:

        // Something we watch out for here is that the null epoch is a catch-all for objects
        // allocated before we did any epoch tracking. Two objects being in the null epoch
        // means that we don't know their epoch relationship.
        if (!!base->epoch() && base->epoch() >= child->epoch()) {
            if (verbose)
                dataLog("            Rejecting because of epoch ordering.\n");
            return;
        }

The test doesn't check that the child's epoch is null and therefore we won't insert a barrier for the case where we allocate the base object, but don't know when the child object was allocated.

<rdar://problem/23438751>

-- 
You are receiving this mail because:
You are the assignee for the bug.
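
The case the report describes, modelled as an added example (not WebKit code and not part of the original message). The `Epoch` struct, the function names and the sample cases are hypothetical, and the second predicate is an assumed reading of the correction the report asks for: trust the ordering only when the child's epoch is also known.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in for the epoch value; 0 plays the role of the null epoch
// ("allocated before we did any epoch tracking"). Not JavaScriptCore's class.
struct Epoch {
    uint64_t value;
    bool isNull() const { return value == 0; }
    bool operator>=(const Epoch& other) const { return value >= other.value; }
};

// The check as quoted in the report: only the base's epoch is tested for null.
bool skipsBarrierAsReported(Epoch base, Epoch child)
{
    return !base.isNull() && base >= child;
}

// Assumed correction: the ordering is trusted only when both epochs are known.
bool skipsBarrierWithChildCheck(Epoch base, Epoch child)
{
    return !base.isNull() && !child.isNull() && base >= child;
}

struct Case { const char* name; Epoch base; Epoch child; };

// Constructed sample cases covering each combination of known/unknown epochs.
std::vector<Case> sampleCases()
{
    return {
        { "base newer than child",     {3}, {2} },
        { "base older than child",     {2}, {3} },
        { "both unknown",              {0}, {0} },
        { "base unknown, child known", {0}, {2} },
        { "base known, child unknown", {3}, {0} },
    };
}

// Names the cases where the quoted check skips a barrier the stricter one keeps.
std::vector<std::string> missedBarriers()
{
    std::vector<std::string> missed;
    for (const Case& c : sampleCases())
        if (skipsBarrierAsReported(c.base, c.child) && !skipsBarrierWithChildCheck(c.base, c.child))
            missed.push_back(c.name);
    return missed;
}
```

The two predicates disagree only when the base's epoch is known and the child's is null, because a null child compares as older than every tracked base.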