<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - GCAwareJITStubRoutines should be GC cells"
href="https://bugs.webkit.org/show_bug.cgi?id=148914#c1">Comment # 1</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - GCAwareJITStubRoutines should be GC cells"
href="https://bugs.webkit.org/show_bug.cgi?id=148914">bug 148914</a>
from <span class="vcard"><a class="email" href="mailto:fpizlo@apple.com" title="Filip Pizlo <fpizlo@apple.com>"> <span class="fn">Filip Pizlo</span></a>
</span></b>
<pre>This could also be addressed by having stub routines hold RefPtr's to each other. For example, in the case of a getter, we have the following objects:
1) PolymorphicAccess
2) AccessCase
3) CallLinkInfo
4) JITStubRoutine for PolymorphicAccess
5) JITStubRoutine for CallLinkInfo
Currently we would have the following ownership/ref rules:
(1) owns (2)
(2) owns (3)
(1) refs (4)
(3) refs (5)
Everything would be fine if we also added:
(5) refs (4)
This feels like it might be a bit ad-hoc and certainly not as flexible if these were GC cells. But, it would work!
In particular:
- If (5) gets deleted, then (3)->(5) must have been cleared first.
- If (4) gets deleted, then (1)->(4) and (5)->(4) must have been cleared first.
- If the owning stub gets destroyed, then everyone gets deleted.
Basically, there is no case where things leak and there is no case where a dangling pointer is left behind.
This could be implemented by giving CallLinkInfo a pointer to its owning JIT stub routine, or more generally, its "JIT owner". This would mean that we'd also have:
(3) refs (4).
Then, when the CallLinkInfo needs to spawn a stub routine, it can ensure that this new stub routine refs the stub that owned the CallLinkInfo.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>