Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4211cd058e41ded60e6c7ca252d60371faf9a50f
https://github.com/WebKit/WebKit/commit/4211cd058e41ded60e6c7ca252d60371faf9a50f
Author: Yijia Huang <[email protected]>
Date: 2026-01-19 (Mon, 19 Jan 2026)
Changed paths:
M Source/JavaScriptCore/wasm/debugger/WasmDebugServer.cpp
M Source/JavaScriptCore/wasm/debugger/WasmDebugServer.h
M Source/JavaScriptCore/wasm/debugger/WasmMemoryHandler.cpp
M Source/JavaScriptCore/wasm/debugger/WasmModuleManager.cpp
M Source/JavaScriptCore/wasm/debugger/WasmModuleManager.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
Log Message:
-----------
[JSC][WASM][Debugger] Fix instance registration race and use InstanceAnchor
for lifecycle management
rdar://168389785
https://bugs.webkit.org/show_bug.cgi?id=305714
Reviewed by Yusuke Suzuki.
Problem:
Debugger registration occurred in JSWebAssemblyInstance::finishCreation()
before memory setup, allowing ModuleManager::jsInstance() to return instances
without initialized memory.
Solution:
Move DebugServer::trackInstance() from finishCreation() to the end of
tryCreate(), after memory is initialized.
InstanceAnchor-based tracking:
- Changed ModuleManager to store ThreadSafeWeakPtr for thread-safe cross-thread
access
- Automatic cleanup via InstanceAnchor::tearDown() in destructor
- Amortized cleanup removes dead entries (every 2 * map_size operations)
- VM-stopped assertion ensures no GC during debugger access
Tests: Existing WASM debugger tests cover this scenario.
Canonical link: https://commits.webkit.org/305830@main
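
Added example, not WebKit code and not part of the commit: a minimal sketch of the pattern the log message describes, with registration as the last step of creation and a weak-reference map that sweeps dead entries once per 2 * map_size operations. InstanceRegistry, Instance and this tryCreate are hypothetical names; std::weak_ptr plus a mutex stands in for ThreadSafeWeakPtr, the sweep trigger is one reading of the message, and InstanceAnchor and the VM-stopped assertion are not modeled.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <mutex>
#include <unordered_map>
#include <vector>

struct Instance { std::vector<uint8_t> memory; }; // stand-in; empty until memory setup
class InstanceRegistry { // hypothetical stand-in for the debugger-side map
public:
    uint32_t track(const std::shared_ptr<Instance>& instance) {
        std::lock_guard<std::mutex> lock(m_lock);
        sweepIfDue();
        m_instances[m_nextId] = instance; // weak: does not extend lifetime
        return m_nextId++;
    }
    std::shared_ptr<Instance> lookup(uint32_t id) { // nullptr once the instance is gone
        std::lock_guard<std::mutex> lock(m_lock);
        sweepIfDue();
        auto it = m_instances.find(id);
        return it == m_instances.end() ? nullptr : it->second.lock();
    }
    size_t entryCount() { std::lock_guard<std::mutex> lock(m_lock); return m_instances.size(); }
private:
    void sweepIfDue() { // amortized: one full sweep per 2 * map_size operations
        if (++m_opsSinceSweep < 2 * m_instances.size()) return;
        for (auto it = m_instances.begin(); it != m_instances.end();)
            if (it->second.expired()) it = m_instances.erase(it);
            else ++it;
        m_opsSinceSweep = 0;
    }
    std::mutex m_lock;
    std::unordered_map<uint32_t, std::weak_ptr<Instance>> m_instances;
    size_t m_opsSinceSweep = 0;
    uint32_t m_nextId = 1;
};

std::shared_ptr<Instance> tryCreate(InstanceRegistry& registry, size_t bytes, uint32_t* idOut) {
    if (!bytes) return nullptr; // failed creation is never published
    auto instance = std::make_shared<Instance>();
    instance->memory.assign(bytes, 0); // memory setup happens first
    *idOut = registry.track(instance); // registration is the final step
    return instance;
}
int main() {
    InstanceRegistry registry; uint32_t id = 0;
    auto instance = tryCreate(registry, 64, &id);
    return registry.lookup(id) == instance ? 0 : 1;
}
```

Because track() runs only after memory is assigned, any instance a lookup can return already has its memory, and a destroyed instance resolves to nullptr until the next sweep drops its entry.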