Title: [86974] trunk/Source/_javascript_Core
- Revision
- 86974
- Author
- commit-qu...@webkit.org
- Date
- 2011-05-20 12:06:29 -0700 (Fri, 20 May 2011)
Log Message
2011-05-20 Zoltan Herczeg <zherc...@inf.u-szeged.hu>
Reviewed by Oliver Hunt.
Zombies should "live" forever
https://bugs.webkit.org/show_bug.cgi?id=61170
Reusing zombie cells could still hide bugs
related to garbage-collected cells.
* _javascript_Core.pro:
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::clearMarks):
* heap/MarkedBlock.h:
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::destroy):
* runtime/JSCell.h:
(JSC::JSCell::JSValue::isZombie):
* runtime/JSZombie.h:
(JSC::JSZombie::~JSZombie):
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (86973 => 86974)
--- trunk/Source/_javascript_Core/ChangeLog 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-05-20 19:06:29 UTC (rev 86974)
@@ -1,3 +1,26 @@
+2011-05-20 Zoltan Herczeg <zherc...@inf.u-szeged.hu>
+
+ Reviewed by Oliver Hunt.
+
+ Zombies should "live" forever
+ https://bugs.webkit.org/show_bug.cgi?id=61170
+
+ Reusing zombie cells could still hide garbage
+ collected cell related bugs.
+
+ * _javascript_Core.pro:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::clearMarks):
+ * heap/MarkedBlock.h:
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::isZombie):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::~JSZombie):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
2011-05-20 Brady Eidson <beid...@apple.com>
Reviewed by Sam Weinig.
Modified: trunk/Source/_javascript_Core/_javascript_Core.pro (86973 => 86974)
--- trunk/Source/_javascript_Core/_javascript_Core.pro 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/_javascript_Core.pro 2011-05-20 19:06:29 UTC (rev 86974)
@@ -62,9 +62,7 @@
assembler/ARMAssembler.cpp \
assembler/ARMv7Assembler.cpp \
assembler/MacroAssemblerARM.cpp \
- assembler/MacroAssemblerSH4.h \
assembler/MacroAssemblerSH4.cpp \
- assembler/SH4Assembler.h \
bytecode/CodeBlock.cpp \
bytecode/JumpTable.cpp \
bytecode/Opcode.cpp \
@@ -167,6 +165,7 @@
runtime/JSValue.cpp \
runtime/JSVariableObject.cpp \
runtime/JSWrapperObject.cpp \
+ runtime/JSZombie.cpp \
runtime/LiteralParser.cpp \
runtime/Lookup.cpp \
runtime/MathObject.cpp \
Modified: trunk/Source/_javascript_Core/heap/MarkedBlock.cpp (86973 => 86974)
--- trunk/Source/_javascript_Core/heap/MarkedBlock.cpp 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/heap/MarkedBlock.cpp 2011-05-20 19:06:29 UTC (rev 86974)
@@ -86,4 +86,19 @@
}
}
+#if ENABLE(JSC_ZOMBIES)
+void MarkedBlock::clearMarks()
+{
+ /* Keep our precious zombies! */
+ for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
+ if (m_marks.get(i))
+ continue;
+
+ JSCell* cell = reinterpret_cast<JSCell*>(&atoms()[i]);
+ if (!cell->isZombie())
+ m_marks.clear(i);
+ }
+}
+#endif
+
} // namespace JSC
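Review bot: The guard `if (m_marks.get(i)) continue;` in the new `MarkedBlock::clearMarks()` looks inverted: it skips every marked cell, so the only cells that reach `m_marks.clear(i)` are ones whose mark bit is already clear, and the function clears nothing. If the intent is to drop every mark except those of zombies, the test should be `if (!m_marks.get(i)) continue;`. As written, a cell that was marked once would presumably stay marked after it becomes unreachable, so it is never turned into a zombie and the stale-pointer bugs this build mode exists to expose stay hidden. Flipping the test also keeps the virtual `cell->isZombie()` call away from unmarked atoms, which may never have held a constructed cell (not visible in this hunk).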
Modified: trunk/Source/_javascript_Core/heap/MarkedBlock.h (86973 => 86974)
--- trunk/Source/_javascript_Core/heap/MarkedBlock.h 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/heap/MarkedBlock.h 2011-05-20 19:06:29 UTC (rev 86974)
@@ -154,10 +154,12 @@
return m_marks.isEmpty();
}
+#if !ENABLE(JSC_ZOMBIES)
inline void MarkedBlock::clearMarks()
{
m_marks.clearAll();
}
+#endif
inline size_t MarkedBlock::markCount()
{
Modified: trunk/Source/_javascript_Core/heap/MarkedSpace.cpp (86973 => 86974)
--- trunk/Source/_javascript_Core/heap/MarkedSpace.cpp 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/heap/MarkedSpace.cpp 2011-05-20 19:06:29 UTC (rev 86974)
@@ -46,9 +46,12 @@
void MarkedSpace::destroy()
{
+ /* Keep our precious zombies! */
+#if !ENABLE(JSC_ZOMBIES)
clearMarks();
shrink();
ASSERT(!size());
+#endif
}
MarkedBlock* MarkedSpace::allocateBlock(SizeClass& sizeClass)
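Review bot: With `ENABLE(JSC_ZOMBIES)` set, `MarkedSpace::destroy()` now has an empty body, so the blocks are never released and the `ASSERT(!size())` teardown check is skipped, yet the comment `/* Keep our precious zombies! */` does not say that this leak is deliberate. I would replace it with `/* JSC_ZOMBIES: blocks are leaked on purpose so that a stale JSCell* still points at a zombie after the heap is gone. */`. It is also worth stating that the configuration is for debugging only, since every heap that is created and destroyed in the process keeps its memory.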
Modified: trunk/Source/_javascript_Core/runtime/JSCell.h (86973 => 86974)
--- trunk/Source/_javascript_Core/runtime/JSCell.h 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/runtime/JSCell.h 2011-05-20 19:06:29 UTC (rev 86974)
@@ -355,11 +355,11 @@
{
return MarkedSpace::heap(c);
}
-
+
#if ENABLE(JSC_ZOMBIES)
inline bool JSValue::isZombie() const
{
- return isCell() && asCell() > (JSCell*)0x1ffffffffL && asCell()->isZombie();
+ return isCell() && asCell()->isZombie();
}
#endif
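Review bot: Dropping the `asCell() > (JSCell*)0x1ffffffffL` test means `JSValue::isZombie()` now makes the virtual `isZombie()` call on whatever `asCell()` returns. The WriteBarrier.h hunk of this same commit exempts `reinterpret_cast<T*>(1)` before calling `isZombie`, which suggests non-pointer sentinel values do occur in cell slots; if one can reach a JSValue, this helper would read through an invalid address. Either keep a cheap guard or document the precondition, e.g. `/* asCell() must be a real heap cell here; sentinel values are filtered by the caller. */`.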
Modified: trunk/Source/_javascript_Core/runtime/JSZombie.h (86973 => 86974)
--- trunk/Source/_javascript_Core/runtime/JSZombie.h 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/runtime/JSZombie.h 2011-05-20 19:06:29 UTC (rev 86974)
@@ -41,6 +41,12 @@
ASSERT(inherits(&s_info));
}
+ ~JSZombie()
+ {
+ /* Zombie cells should never been reused. */
+ ASSERT_NOT_REACHED();
+ }
+
virtual bool isZombie() const { return true; }
virtual bool isGetterSetter() const { ASSERT_NOT_REACHED(); return false; }
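Review bot: `ASSERT_NOT_REACHED()` in `~JSZombie()` compiles away when assertions are disabled, so a JSC_ZOMBIES build without assertions would destroy a zombie silently; adding `CRASH();` after it would enforce the invariant in every configuration that enables zombies. The comment has a typo and names only reuse although the check fires on destruction: `/* Zombie cells must never be destroyed or reused. */`. The class body starts and ends outside this hunk.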
Modified: trunk/Source/_javascript_Core/runtime/WriteBarrier.h (86973 => 86974)
--- trunk/Source/_javascript_Core/runtime/WriteBarrier.h 2011-05-20 19:04:52 UTC (rev 86973)
+++ trunk/Source/_javascript_Core/runtime/WriteBarrier.h 2011-05-20 19:06:29 UTC (rev 86974)
@@ -129,7 +129,7 @@
{
this->m_cell = reinterpret_cast<JSCell*>(value);
#if ENABLE(JSC_ZOMBIES)
- ASSERT(!m_cell || !isZombie(m_cell));
+ ASSERT(!m_cell || value == reinterpret_cast<T*>(1) || !isZombie(m_cell));
#endif
}
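Review bot: The new exemption `value == reinterpret_cast<T*>(1)` in the assertion is a bare magic number; nothing in the visible part of `setWithoutWriteBarrier` says what the value 1 stands for or why only that value may bypass `isZombie(m_cell)`. A one-line comment such as `/* 1 is a sentinel, not a cell pointer; isZombie() would dereference it. */`, or a named constant shared with the code that stores it, would keep the check from going stale if another sentinel is introduced. The function's signature is outside the hunk.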