Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 682cd16441c4418b042cfc842585da9fe7fefd70
https://github.com/WebKit/WebKit/commit/682cd16441c4418b042cfc842585da9fe7fefd70
Author: Dan Hecht <[email protected]>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
M Source/JavaScriptCore/heap/HeapInlines.h
M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp
Log Message:
-----------
[JSC] add GC object validation to the two-arg Heap::writeBarrier(from, to) when GC_VALIDATION is enabled
https://bugs.webkit.org/show_bug.cgi?id=308556
rdar://171085355
Reviewed by Yusuke Suzuki.
When called directly (i.e. not via the WriteBarrier class), there is no
GC_VALIDATION for the Heap::writeBarrier(to, from) case. This function
is often used by WebCore, both directly and via JSValueInWrappedObject,
so it seems useful to have this validation.
So, add validation that to and from both look like valid GC objects.
GC_VALIDATION is enabled in !NDEBUG builds already.
Fix the static prediction hint on the if (!to). It should usually
be non-nullptr.
Write the two-arg and one-arg Heap::writeBarrier isWithinThreshold guard
using the same (positive check) pattern for better readability.
The guards '!from' in both the two-arg and one-arg Heap::writeBarrier()
seem unnecessary, since Debug builds verify they look like valid GC
objects, which disallows nullptr. But let's change this in a future
commit to be careful.
There was only one place that was calling Heap::writeBarrier(to, from)
with a nullptr owner: MarkingGCAwareJITStubRoutine. Avoid doing that
so that we can always check that from is a valid GC object.
Testing: Covered by existing tests with Debug builds. I also ran EWS
tests with ENABLE_GC_VALIDATION=1 in Release builds and this change.
* Source/JavaScriptCore/heap/HeapInlines.h:
(JSC::Heap::writeBarrier):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:
(JSC::MarkingGCAwareJITStubRoutine::MarkingGCAwareJITStubRoutine):
Canonical link: https://commits.webkit.org/308160@main