<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - The mutator needs to fire a barrier after memmoving stuff around in an object that the GC scans"
href="https://bugs.webkit.org/show_bug.cgi?id=167208">167208</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>The mutator needs to fire a barrier after memmoving stuff around in an object that the GC scans
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>fpizlo@apple.com
</td>
</tr></table>
<p>
<div>
<pre>We didn't used to need these kinds of barriers, but now we do!
It used to be that if you moved a value from one place to another in the same object then there is no need for a barrier because the generational GC would have no need to know that the referent still continues to refer to the same referee.
But the concurrent GC might scan that object as the mutator moves pointers around in it. If the ordering is right, this could mean that the collector never sees some of those pointers. This can be fixed by adding a barrier.
This bug covers the most obvious cases I found. There may be more and I'll continue to audit.</pre>
</div>
</p>
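<p>The ordering described in the report, as an added example that is not JavaScriptCore code and not part of the original bug: a deterministic model in which a collector is halfway through scanning an object when the mutator slides its elements down with memmove. The <code>Object</code>, <code>Collector</code>, <code>removeFront</code> and <code>needsRescan</code> names are hypothetical, integer ids stand in for pointers, and the "barrier" is modelled as a flag that makes the collector scan the object again.</p>

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <set>

// Simplified model (assumption): four pointer slots, ids stand in for pointers, 0 is null.
struct Object {
    std::array<int, 4> slots{};
    bool needsRescan = false;   // set by the modelled barrier, consumed by the collector
};

struct Collector {
    std::set<int> marked;
    // Scan slots [from, to) and mark every referee seen.
    void scan(const Object& o, std::size_t from, std::size_t to) {
        for (std::size_t i = from; i < to; ++i)
            if (o.slots[i]) marked.insert(o.slots[i]);
    }
};

// Mutator: drop the first element by sliding the rest down, then clear the tail.
void removeFront(Object& o, bool fireBarrier) {
    std::memmove(&o.slots[0], &o.slots[1], (o.slots.size() - 1) * sizeof(int));
    o.slots.back() = 0;
    if (fireBarrier) o.needsRescan = true;  // hypothetical barrier: ask the GC to scan o again
}

// Returns true if every pointer still stored in the object ended up marked.
bool allLiveSlotsMarked(bool fireBarrier) {
    Object o;
    o.slots = {1, 2, 3, 4};
    Collector gc;
    gc.scan(o, 0, 2);               // collector has visited slots 0 and 1 (marks 1 and 2)
    removeFront(o, fireBarrier);    // 3 slides from slot 2 into already-scanned slot 1
    gc.scan(o, 2, o.slots.size());  // collector resumes at slot 2 and sees 4, then null
    if (o.needsRescan) {            // barrier fired: scan the whole object again
        o.needsRescan = false;
        gc.scan(o, 0, o.slots.size());
    }
    for (int p : o.slots)
        if (p && !gc.marked.count(p)) return false;  // still referenced, never marked
    return true;
}

int main() {
    std::printf("no barrier: %d, barrier: %d\n", allLiveSlotsMarked(false), allLiveSlotsMarked(true));
    return 0;
}
```

<p>Without the barrier, id 3 is still referenced by the object but is never marked, which in a real collector would mean a live object is treated as garbage.</p>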
</body>
</html>