Timestamp:
Jul 1, 2011, 1:45:52 PM (14 years ago)
Author:
[email protected]
Message:

2011-07-01 Oliver Hunt <[email protected]>

GC sweep can occur before an object is completely initialised
https://bugs.webkit.org/show_bug.cgi?id=63836

Reviewed by Gavin Barraclough.

In rare cases it's possible for a GC sweep to occur while a
live, but not completely initialised object is on the stack.
In such a case we may incorrectly choose to mark it, even
though it has no children that need marking.

We resolve this by always zeroing out the structure of any
value returned from JSCell::operator new(), and making the
markstack tolerant of a null structure.

  • runtime/JSCell.h: (JSC::JSCell::JSCell::~JSCell): (JSC::JSCell::JSCell::operator new):
  • runtime/Structure.h: (JSC::MarkStack::internalAppend):
File:
1 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r90268 r90273  
     12011-07-01  Oliver Hunt  <[email protected]>
     2
     3        GC sweep can occur before an object is completely initialised
     4        https://bugs.webkit.org/show_bug.cgi?id=63836
     5
     6        Reviewed by Gavin Barraclough.
     7
     8        In rare cases it's possible for a GC sweep to occur while a
     9        live, but not completely initialised object is on the stack.
     10        In such a case we may incorrectly choose to mark it, even
     11        though it has no children that need marking.
     12
     13        We resolve this by always zeroing out the structure of any
     14        value returned from JSCell::operator new(), and making the
     15        markstack tolerant of a null structure.
     16
     17        * runtime/JSCell.h:
     18        (JSC::JSCell::JSCell::~JSCell):
     19        (JSC::JSCell::JSCell::operator new):
     20        * runtime/Structure.h:
     21        (JSC::MarkStack::internalAppend):
     22
    1232011-07-01  Filip Pizlo  <[email protected]>
    224
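Review bot: the new entry (hunk lines 17-21) names runtime/JSCell.h and runtime/Structure.h with the functions changed in them, but this changeset touches only trunk/Source/JavaScriptCore/ChangeLog, so the entry lands separately from the code it describes; either fold the JSCell.h/Structure.h edits into the same commit or note in the message which revision carries them, so the log stays traceable to the fix for bug 63836. The two JSCell.h signatures also carry a doubled class qualifier, `(JSC::JSCell::JSCell::~JSCell)` and `(JSC::JSCell::JSCell::operator new)`; the usual ChangeLog form is `(JSC::JSCell::~JSCell)` and `(JSC::JSCell::operator new)`.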