1. 5

  2. 2

    Oilpan in general is an interesting project–there is a lot more about why it was introduced in these slides. (There was discussion of a DOM GC mostly centered on performance from the same author; I’m not sure if they’re talking about the same thing or, if it’s different, if the DOM GC is deployed too or what.) I wasn’t aware of the clever heap layout stuff that PartitionAllocator was doing previously or that Oilpan changed it.

    Also interesting is that MS Edge also introduced a GC for the C++ side of their browser, MemGC, and notably at the end of that post the author also goes into how the change in allocator could expose some things to attack. MemGC seemed to be mostly about mitigating use-after-frees, where Oilpan seemed to be partly about performance and partly about the trickiness of avoiding use-after-free or leaks in Blink, especially when GC’d JavaScript objects can reference C++ nodes.