Chromium Code Reviews

Issue 12987013: Fix crash involving zombie maps escaping from the JSON parser's underground lab (Closed)

Created:
7 years, 9 months ago by Jakob Kummerow
Modified:
7 years, 9 months ago
Reviewers:
Toon Verwaest
CC:
v8-dev
Visibility:
Public.

Description

Fix crash involving zombie maps escaping from the JSON parser's underground lab

Zapping is required since transition arrays contain weak references to maps: At the end of a GC cycle, ClearNonLiveTransitions removes references to dead maps from transition arrays. If a marked transition array with weak (dead) references is replaced by another transition array before the end of the GC cycle, dead references are not removed from the replaced transition array. If the replaced transition array is kept alive by a handle, marking will crash when trying to mark the first reference to a dead map.

Committed: http://code.google.com/p/v8/source/detail?r=14063

Patch Set 1

Patch Set 2 : better comment

Stats: +7 lines, -4 lines
M src/objects-inl.h (2 chunks, +7 lines, -4 lines, 0 comments)

Messages

Total messages: 3 (0 generated)
Jakob Kummerow
PTAL.
7 years, 9 months ago (2013-03-25 14:49:08 UTC) #1
Toon Verwaest
lgtm
7 years, 9 months ago (2013-03-25 15:07:44 UTC) #2
Jakob Kummerow
7 years, 9 months ago (2013-03-25 15:19:02 UTC) #3
Message was sent while issue was closed.
Committed patchset #2 manually as r14063 (presubmit successful).
