[Webkit-unassigned] [Bug 172738] Implementors of memoryCost() need to be thread-safe
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue May 30 16:49:36 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=172738
--- Comment #2 from Mark Lam <mark.lam at apple.com> ---
1. It is safe for the GC to scan any JS object pointers in these DOM objects because the GC controls the life-cycle of JS objects referenced by those pointers.
2. It is safe for the GC to scan wrapped objects because:
a. all JS DOM object wrappers extend JSDOMWrapper, and
b. JSDOMWrapper has a Ref to the wrapped object.
This means that the wrapped object is guaranteed to outlive the JS wrapper.
Also, there's a 1 to 1 correspondence between the wrapper and the wrapped object.
We never change the wrapped object after creation of the wrapper.
Based on the above, the work in visitChildren should be safe because the "visiting" is should only be done on JS objects pointers. Calling memoryCost() on wrapped objects is safe because the wrapped object is guaranteed to be alive still.
The remaining question is whether the various implementations of memoryCost() does anything with sub-objects that are not tied to the liveness of JS objects.
We should still do a survey of the visitChildren implementations to see if they call any other C++ member functions that may also do thread unsafe work.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170530/87b0f038/attachment-0001.html>
More information about the webkit-unassigned
mailing list