[Webkit-unassigned] [Bug 162319] New: DFG::StoreBarrierInsertionPhase should assume that any epoch increment may make objects older

Tue Sep 20 14:24:40 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=162319

            Bug ID: 162319
           Summary: DFG::StoreBarrierInsertionPhase should assume that any
                    epoch increment may make objects older
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: fpizlo at apple.com

If you just allocated an object, then it's true that the object must be white.  But as soon as you do anything to it, it will become black.  The insertion phase needs to be smart about this.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160920/edd79309/attachment.html>