| Summary: | JSImmutableButterfly should zero its data in create | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | Normal | CC: | benjamin, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Description
Saam Barati
2018-06-20 15:01:41 PDT
(In reply to Saam Barati from comment #0)
> We currently allocate inside the bytecode generator as we fill in slots. If
> we don't zero, the GC may see garbage data in the immutable butterfly

This happens under a deferGC, so it's not a bug. I also recently added an assert to verify the heap is deferred.