Wrapper tracing should ignore Smi values passed to V8 |
||||||||
Issue descriptionBlink calls void Heap::RegisterExternallyReferencedObject(Object** object) [1] for tracing across the API boundary. V8 needs to properly filter Smis to avoid treating them as heap objects. [1] https://cs.chromium.org/chromium/src/v8/src/heap/heap.cc?sq=package:chromium&l=5673
,
Apr 27 2017
This should be merged back after some time on Canary.
,
Apr 27 2017
,
Apr 27 2017
Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 28 2017
+ hablich@ for M58 merge review.
,
Apr 28 2017
This has not enough Canary coverage yet. mlippautz@ how does this manifest for the user? Memory corruption crashers? Does this only happen in special cases or "always"?
,
Apr 28 2017
Let's wait for Canary but this is a safe CL as it only filters out non heap objects. The crash can happen always and manifests in a crash entry for the bucket where this is inlined.
,
May 1 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/c2a7a031b854cc5bf7be84554f1d0824704c6100 commit c2a7a031b854cc5bf7be84554f1d0824704c6100 Author: Michael Lippautz <mlippautz@chromium.org> Date: Tue May 02 08:57:32 2017 Merged: [heap] Filter out non-heap values when tracing wrappers Revision: 1f3a95f1f7a11ba7a97901ea6046c251ef77bed4 BUG= chromium:716031 LOG=N NOTRY=true NOPRESUBMIT=true NOTREECHECKS=true R=hpayer@chromium.org Review-Url: https://codereview.chromium.org/2858523002 . Cr-Commit-Position: refs/branch-heads/5.9@{#35} Cr-Branched-From: fe9bb7e6e251159852770160cfb21dad3cf03523-refs/heads/5.9.211@{#1} Cr-Branched-From: 70ad23791a21c0dd7ecef8d4d8dd30ff6fc291f6-refs/heads/master@{#44591} [modify] https://crrev.com/c2a7a031b854cc5bf7be84554f1d0824704c6100/src/heap/heap.cc
,
May 2 2017
,
May 2 2017
Crash rates on Android look awesome. I know of no major issues on desktop either. Absent evidence that this is impactful, there's no reason to merge to M58, which is already shipping to stable and is only taking critical merges. Thus, rejected - if you have evidence this is really hurting folks in the wild please let me know. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by bugdroid1@chromium.org
, Apr 27 2017