[Webkit-unassigned] [Bug 164433] REGRESSION: Crashes in StringImpl destructor during GC
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Nov 5 15:30:00 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=164433
--- Comment #5 from Filip Pizlo <fpizlo at apple.com> ---
(In reply to comment #4)
> First occurrence that I see was on 2016-11-02 16:21:01.
>
> Filip, could this be caused by threaded GC (r208306)?
Yup, that's the patch at fault. Should be really easy to fix. Basically, we just need to move anything in the GC that touches strings off the GC thread. It's usually easy to do this. Here we see the collector calling some HasOwnPropertyCache thing, which it shouldn't be doing.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161105/f27908e8/attachment.html>
More information about the webkit-unassigned
mailing list