[Webkit-unassigned] [Bug 209266] New: [JSC] StructureStubInfo::bufferedStructures should not ref/deref UniquedStringImpl

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 18 19:22:15 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209266

            Bug ID: 209266
           Summary: [JSC] StructureStubInfo::bufferedStructures should not
                    ref/deref UniquedStringImpl
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ysuzuki at apple.com

This data structure can be destroyed in CodeBlock::finalizeUnconditionally. So it should not include Strings.

1. Can we just set AtomStringTable when executing CodeBlock::finalizeUnconditionally?

This does not work correctly. Our Web Worker implementation releases heapAccess() when it finishes code execution and waits for a runloop message.
This means that CodeBlock::finalizeUnconditionally can potentially run concurrently with the Web Worker's main thread.
