[Webkit-unassigned] [Bug 181655] New: Replace isFreeListedCell with some machinery to determine if a cell is dead-but-not-destructed

bugzilla-daemon at webkit.org
Mon Jan 15 12:11:29 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=181655

            Bug ID: 181655
           Summary: Replace isFreeListedCell with some machinery to
                    determine if a cell is dead-but-not-destructed
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: fpizlo at apple.com

Due to https://bugs.webkit.org/show_bug.cgi?id=172548, we now have a variety of watchpoints (and any event handler that deregisters during destruction) check if their owner object is still live if they are fired. This protects the case where the owner is dead-but-not-destructed.

This "is live" query requires sometimes dealing with free-listed blocks, since an object might ask "am I live" due to some watchpoint while the block that it was allocated out of is still in the free-listed state. That's annoying, since that means walking the free-lists of active blocks.

But notice that a block that is free-listed cannot have any dead-but-not-destructed objects in it. Therefore, we should simplify our solution to bug 172548 to use a HeapCell::isDeadButNotDestructed(), which can automatically return false if the owning block is free-listed.

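The reasoning in the report, as an added C++ sketch that is not JavaScriptCore code: a toy block whose sweep destructs every dead cell before free-listing it, so the proposed query can answer false for a free-listed block without walking the free list. Every name except `isDeadButNotDestructed` is hypothetical, and the mark/sweep model is a simplifying assumption.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Toy model only; not JavaScriptCore's MarkedBlock or HeapCell.
static const size_t kNoCell = static_cast<size_t>(-1);
struct Cell {
    bool marked = false;      // reached by the last mark phase
    bool destructed = false;  // destructor has already run
};
struct Block {
    std::vector<Cell> cells;
    std::vector<size_t> freeList;  // indices of allocatable cells
    bool freeListed = false;
    size_t freeListWalks = 0;      // counts the expensive walks
    explicit Block(size_t n) : cells(n) {}

    // Sweep to free list: every dead cell is destructed, then made allocatable.
    void sweepToFreeList() {
        for (size_t i = 0; i < cells.size(); ++i) {
            if (cells[i].marked) continue;
            cells[i].destructed = true;
            freeList.push_back(i);
        }
        freeListed = true;
    }
    // A freshly allocated cell is live but has no mark bit in this model.
    size_t allocate() {
        if (freeList.empty()) return kNoCell;
        size_t i = freeList.back();
        freeList.pop_back();
        cells[i].destructed = false;
        return i;
    }
    // General "is live" query: a free-listed block needs a free-list walk.
    bool isLive(size_t i) {
        if (!freeListed) return cells[i].marked;
        ++freeListWalks;
        return std::find(freeList.begin(), freeList.end(), i) == freeList.end();
    }
    // Narrower query from the report: no walk, because the sweep above
    // leaves no dead cell undestructed in a free-listed block.
    bool isDeadButNotDestructed(size_t i) const {
        if (freeListed) return false;
        return !cells[i].marked && !cells[i].destructed;
    }
};
// Guard a fired handler would run before touching its owner. A destructed
// owner is assumed to have deregistered its handlers already.
bool handlerMayTouchOwner(const Block& b, size_t owner) {
    return !b.isDeadButNotDestructed(owner);
}
```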