[Webkit-unassigned] [Bug 167755] New: GC may not visit event targets for async events

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 2 14:08:10 PST 2017


            Bug ID: 167755
           Summary: GC may not visit event targets for async events
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com
                CC: cdumez at apple.com

When running the test fast/shadow-dom/slotchange-event-bubbling.html with a Debug build and the options JSC_scribbleFreeCells=true JSC_collectContinuously=true JSC_useGenerationalGC=false the following ASSERT will fire in JSEventListener.h

129         ASSERT(!m_isolatedWorld->isNormal() || m_wrapper || !m_jsFunction);

This is due to the Weak m_wrapper having been collected while the m_jsFunction is still alive.  We need to make sure we visit wrappers and functions for event targets that are on an asynchromous event queue.


You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170202/d7452cee/attachment-0001.html>

More information about the webkit-unassigned mailing list