mirror of
https://github.com/LadybirdBrowser/ladybird
synced 2026-05-12 09:56:45 +02:00
245b7d74a7
Move weak container cleanup (remove_dead_cells) out of both sweep_dead_cells() and start_incremental_sweep() to the place where it is actually safe to inspect cell state: collect_garbage(). Previously, remove_dead_cells could access cells that had already been swept and poisoned by ASAN, causing use-after-poison crashes when a new GC triggered while an incremental sweep was in progress.
58 lines
1.5 KiB
C++
58 lines
1.5 KiB
C++
/*
|
|
* Copyright (c) 2021-2022, Idan Horowitz <idan.horowitz@serenityos.org>
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#include <LibJS/Runtime/WeakRef.h>
|
|
|
|
namespace JS {
|
|
|
|
GC_DEFINE_ALLOCATOR(WeakRef);
|
|
|
|
GC::Ref<WeakRef> WeakRef::create(Realm& realm, Object& value)
|
|
{
|
|
return realm.create<WeakRef>(value, realm.intrinsics().weak_ref_prototype());
|
|
}
|
|
|
|
GC::Ref<WeakRef> WeakRef::create(Realm& realm, Symbol& value)
|
|
{
|
|
return realm.create<WeakRef>(value, realm.intrinsics().weak_ref_prototype());
|
|
}
|
|
|
|
WeakRef::WeakRef(Object& value, Object& prototype)
|
|
: Object(ConstructWithPrototypeTag::Tag, prototype)
|
|
, WeakContainer(heap())
|
|
, m_value(&value)
|
|
, m_last_execution_generation(vm().execution_generation())
|
|
{
|
|
}
|
|
|
|
WeakRef::WeakRef(Symbol& value, Object& prototype)
|
|
: Object(ConstructWithPrototypeTag::Tag, prototype)
|
|
, WeakContainer(heap())
|
|
, m_value(&value)
|
|
, m_last_execution_generation(vm().execution_generation())
|
|
{
|
|
}
|
|
|
|
void WeakRef::remove_dead_cells(Badge<GC::Heap>)
|
|
{
|
|
if (m_value.visit([](Cell* cell) -> bool { return cell->state() == Cell::State::Live && cell->is_marked(); }, [](Empty) -> bool { return true; }))
|
|
return;
|
|
|
|
m_value = Empty {};
|
|
}
|
|
|
|
void WeakRef::visit_edges(Visitor& visitor)
|
|
{
|
|
Base::visit_edges(visitor);
|
|
|
|
if (vm().execution_generation() == m_last_execution_generation) {
|
|
auto* cell = m_value.visit([](Cell* cell) -> Cell* { return cell; }, [](Empty) -> Cell* { return nullptr; });
|
|
visitor.visit(cell);
|
|
}
|
|
}
|
|
|
|
}
|