Bug 186864
| Summary: | JSImmutableButterfly should zero its data in create | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | Normal | CC: | benjamin, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Saam Barati
We currently allocate inside the bytecode generator as we fill in slots. If we don't zero, the GC may see garbage data in the immutable butterfly
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Saam Barati
(In reply to Saam Barati from comment #0)
> We currently allocate inside the bytecode generator as we fill in slots. If
> we don't zero, the GC may see garbage data in the immutable butterfly
This happens under a deferGC, so it's not a bug. I also recently added an assert to verify the heap is deferred.