Closed Bug 1422513 Opened 7 years ago Closed 4 years ago

GCManagedDeletePolicy doesn't work with GCPtrValue

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: jonco, Unassigned)

Details

Jon Coppeard (:jonco)

Reporter

Description

•

7 years ago

GCManagedDeletePolicy is used to safely remove a GC-managed object from the GC graph if we need to delete it outside of finalisation. This is used to handle failure during initialisation. It works by tracing the object with ClearEdgesTracer which invokes the necessary barriers to tell the GC that an edge is being removed from the graph and then clears the edge. This works fine for pointer edges. It doesn't work for Values edges because we unwrap and rewrap the pointer contained in the value before and after calling the methods on the tracer. So we won't do the correct barrier invocations and we may attempt to set e.g. a string value to nullptr which will assert / leave us with an invalid value. Having said all that, I can't find any instances where we have a GCManagedDeletePolicy which contains a GCPtrValue, but it's a footgun for future use and something we should address.

Jon Coppeard (:jonco)

Reporter

Comment 1

•

4 years ago

GCManagedDeletePolicy has been removed.

Status: NEW → RESOLVED

Closed: 4 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

GCManagedDeletePolicy doesn't work with GCPtrValue

Categories

(Core :: JavaScript: GC, enhancement, P3)

Tracking

()

People

(Reporter: jonco, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1