Bug 186864 - JSImmutableButterfly should zero its data in create
Summary: JSImmutableButterfly should zero its data in create
Status: RESOLVED WONTFIX
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-20 15:01 PDT by Saam Barati
Modified: 2018-06-25 17:50 PDT (History)
11 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2018-06-20 15:01:41 PDT 
We currently allocate inside the bytecode generator as we fill in slots. If we don't zero, the GC may see garbage data in the immutable butterfly
Comment 1 Saam Barati 2018-06-25 17:50:35 PDT 
(In reply to Saam Barati from comment #0)
> We currently allocate inside the bytecode generator as we fill in slots. If
> we don't zero, the GC may see garbage data in the immutable butterfly

This happens under a deferGC, so it's not a bug. I also recently added an assert to verify the heap is deferred.