[Webkit-unassigned] [Bug 164282] CodeBlock's finalization of ValueProfiles should be in the finalizer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 1 12:07:43 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=164282

--- Comment #1 from Filip Pizlo <fpizlo at apple.com> ---
Here's a sequence of events.  I will mark events that happen with the world stopped with an *.

(0) GC is running, mutator has heap access
(1) op_enter in codeBlock
(2) writeBarrier(codeBlock)
(3) codeBlock.visitChildren
(4) valueProfile(codeBlock)
(5) codeBlock no longer on the stack
(6*) scan stack
(7*) end marking
(8*) run all unconditional finalizers, including codeBlock's.

In this world, the value profile update will not be handled by the GC because that's done in visitChildren and visitChildren will not run after the value profiling.

But we already have finalizers that can do this, and the ValueProfile work is finalization (it clears references to things) not marking (it never marks things).

So, to fix this bug, we just need to move the ValueProfile logic into the UnconditionalFinalizer.

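A toy replay of the event sequence in the comment, added here as an illustration and not code from WebKit: Cell, CodeBlock, profileDanglesAfterGC and the clearInFinalizer switch are assumed stand-ins for the JSC types and for the two places the ValueProfile clearing can live (visitChildren versus the UnconditionalFinalizer).

```cpp
// Added example (not WebKit code): a toy model of events (0)-(8) from the comment.
// Cell, CodeBlock and the two strategies are assumed stand-ins for the JSC types.
struct Cell { bool marked = false; };

struct CodeBlock : Cell {
    Cell* profiledValue = nullptr;  // stands in for the cell a ValueProfile recorded
    bool clearInFinalizer;          // which of the two placements this model uses

    explicit CodeBlock(bool inFinalizer) : clearInFinalizer(inFinalizer) {}

    // The ValueProfile work: drop the recorded cell if the GC did not mark it.
    // It never marks anything, which is why the comment calls it finalization.
    void clearDeadProfile() {
        if (profiledValue && !profiledValue->marked)
            profiledValue = nullptr;
    }
    // Placement A (the bug): do the ValueProfile work while marking this CodeBlock.
    void visitChildren() {
        marked = true;
        if (!clearInFinalizer) clearDeadProfile();
    }
    // Placement B (the proposed fix): do it in the UnconditionalFinalizer,
    // which runs with the world stopped after marking has ended.
    void finalizeUnconditionally() {
        if (clearInFinalizer) clearDeadProfile();
    }
};

// Replays events (0)-(8). Returns true if, after the GC cycle, the CodeBlock's
// profile still references a cell the GC never marked (a dangling weak reference).
bool profileDanglesAfterGC(bool clearInFinalizer) {
    Cell value;                        // an otherwise unreachable cell: dies in this GC
    CodeBlock codeBlock(clearInFinalizer);
    bool codeBlockOnStack = false;
    // (0) GC is running concurrently; the mutator has heap access.
    codeBlockOnStack = true;           // (1) op_enter: codeBlock is now on the stack
    bool remembered = true;            // (2) writeBarrier(codeBlock): GC will visit it
    if (remembered) codeBlock.visitChildren();  // (3) concurrent visit, profile still empty
    codeBlock.profiledValue = &value;  // (4) mutator records a value into the profile
    codeBlockOnStack = false;          // (5) codeBlock no longer on the stack
    if (codeBlockOnStack && !codeBlock.marked)  // (6*) scan stack: nothing new to mark
        codeBlock.visitChildren();
    // (7*) end marking: `value` was never marked, so it is dead.
    codeBlock.finalizeUnconditionally();        // (8*) unconditional finalizers run
    return codeBlock.profiledValue != nullptr && !codeBlock.profiledValue->marked;
}
```

With the clearing in visitChildren the replay ends with the profile pointing at the dead cell; with it in the finalizer the reference is cleared at step (8*).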