Changeset 123500 in webkit


Ignore:
Timestamp:
Jul 24, 2012 11:42:54 AM (12 years ago)
Author:
haraken@chromium.org
Message:

[V8] String wrappers should be marked Independent
https://bugs.webkit.org/show_bug.cgi?id=91251

Reviewed by Adam Barth.

Currently V8 String wrappers are not marked Independent.
By marking them Independent, they can be reclaimed by the scavenger GC.
Although I couldn't find a case where this change reduces memory usage,
this change would be important for upcoming changes in string conversion
between V8 and WebKit (https://bugs.webkit.org/show_bug.cgi?id=91850).

'm_lastStringImpl = 0' in StringCache::remove() is important.
Look at the following code:

static void cachedStringCallback(v8::Persistent<v8::Value> wrapper, void* parameter)
{

...;
stringCache()->remove(stringImpl);
wrapper.Dispose();

}

void StringCache::remove(StringImpl* stringImpl)
{

...
if (m_lastStringImpl.get() == stringImpl)

m_lastStringImpl = 0;

}

v8::Local<v8::String> v8ExternalString(StringImpl* stringImpl, v8::Isolate* isolate)
{

if (m_lastStringImpl.get() == stringImpl) {

return v8::Local<v8::String>::New(m_lastV8String); m_lastV8String points to a wrapper object that was accessed most recently.

}
return v8ExternalStringSlow(stringImpl, isolate);

}

Without 'm_lastStringImpl = 0', already disposed m_lastV8String can be used
in v8ExternalString(). This was a cause of the crashes of r122614.

Tests: At the initial commit of this patch (r122614),

the following tests had been broken due to missing 'm_lastStringImpl = 0'.
fast/workers/worker-location.html
Dromaeo/cssquery-jquery.html
Dromaeo/jslib-event-jquery.html
Dromaeo/jslib-style-jquery.html
Dromaeo/jslib-style-prototype.html

  • bindings/v8/V8Binding.cpp:

(WebCore::StringCache::remove):
(WebCore::StringCache::v8ExternalStringSlow):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r123499 r123500  
     12012-07-24  Kentaro Hara  <haraken@chromium.org>
     2
     3        [V8] String wrappers should be marked Independent
     4        https://bugs.webkit.org/show_bug.cgi?id=91251
     5
     6        Reviewed by Adam Barth.
     7
     8        Currently V8 String wrappers are not marked Independent.
     9        By marking them Independent, they can be reclaimed by the scavenger GC.
     10        Although I couldn't find a case where this change reduces memory usage,
     11        this change would be important for upcoming changes in string conversion
     12        between V8 and WebKit (https://bugs.webkit.org/show_bug.cgi?id=91850).
     13
     14        'm_lastStringImpl = 0' in StringCache::remove() is important.
     15        Look at the following code:
     16
     17            static void cachedStringCallback(v8::Persistent<v8::Value> wrapper, void* parameter)
     18            {
     19                ...;
     20                stringCache()->remove(stringImpl);
     21                wrapper.Dispose();
     22            }
     23
     24            void StringCache::remove(StringImpl* stringImpl)
     25            {
     26                ...
     27                if (m_lastStringImpl.get() == stringImpl)
     28                    m_lastStringImpl = 0;
     29            }
     30
     31            v8::Local<v8::String> v8ExternalString(StringImpl* stringImpl, v8::Isolate* isolate)
     32            {
     33                if (m_lastStringImpl.get() == stringImpl) {
     34                    return v8::Local<v8::String>::New(m_lastV8String); // m_lastV8String points to a wrapper object that was accessed most recently.
     35                }
     36                return v8ExternalStringSlow(stringImpl, isolate);
     37            }
     38
     39        Without 'm_lastStringImpl = 0', already disposed m_lastV8String can be used
     40        in v8ExternalString(). This was a cause of the crashes of r122614.
     41
     42        Tests: At the initial commit of this patch (r122614),
     43               the following tests had been broken due to missing 'm_lastStringImpl = 0'.
     44               fast/workers/worker-location.html
     45               Dromaeo/cssquery-jquery.html
     46               Dromaeo/jslib-event-jquery.html
     47               Dromaeo/jslib-style-jquery.html
     48               Dromaeo/jslib-style-prototype.html
     49
     50        * bindings/v8/V8Binding.cpp:
     51        (WebCore::StringCache::remove):
     52        (WebCore::StringCache::v8ExternalStringSlow):
     53
    1542012-07-24  Tommy Widenflycht  <tommyw@google.com>
    255

  • trunk/Source/WebCore/bindings/v8/V8Binding.cpp

    r122717 r123500  
    468468    ASSERT(m_stringCache.contains(stringImpl));
    469469    m_stringCache.remove(stringImpl);
     470    // Make sure that already disposed m_lastV8String is not used in
     471    // StringCache::v8ExternalString().
     472    if (m_lastStringImpl.get() == stringImpl)
     473        m_lastStringImpl = 0;
    470474}
    471475
     
    494498
    495499    stringImpl->ref();
     500    wrapper.MarkIndependent();
    496501    wrapper.MakeWeak(stringImpl, cachedStringCallback);
    497502    m_stringCache.set(stringImpl, *wrapper);
Note: See TracChangeset for help on using the changeset viewer.