Changeset 51624 in webkit
- Timestamp:
- Dec 2, 2009 10:25:58 PM (14 years ago)
- Location:
- trunk/JavaScriptCore
- Files:
-
- 9 edited
trunk/JavaScriptCore/ChangeLog
r51566 r51624 1 2009-12-02 Oliver Hunt <oliver@apple.com> 2 3 Reviewed by Gavin Barraclough. 4 5 Add zombies to JSC 6 https://bugs.webkit.org/show_bug.cgi?id=32103 7 8 Add a compile time flag to make the JSC collector replace "unreachable" 9 objects with zombie objects. The zombie object is a JSCell subclass that 10 ASSERTs on any attempt to use the JSCell methods. In addition there are 11 a number of additional assertions in bottleneck code to catch zombie usage 12 as quickly as possible. 13 14 Grrr. Argh. Brains. 15 16 * JavaScriptCore.xcodeproj/project.pbxproj: 17 * interpreter/Register.h: 18 (JSC::Register::Register): 19 * runtime/ArgList.h: 20 (JSC::MarkedArgumentBuffer::append): 21 (JSC::ArgList::ArgList): 22 * runtime/Collector.cpp: 23 (JSC::Heap::destroy): 24 (JSC::Heap::sweep): 25 * runtime/Collector.h: 26 * runtime/JSCell.h: 27 (JSC::JSCell::isZombie): 28 (JSC::JSValue::isZombie): 29 * runtime/JSValue.h: 30 (JSC::JSValue::decode): 31 (JSC::JSValue::JSValue): 32 * wtf/Platform.h: 33 1 34 2009-12-01 Jens Alfke <snej@chromium.org> 2 35 -
trunk/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
r51337 r51624 285 285 A7A1F7AD0F252B3C00E184E2 /* ByteArray.h in Headers */ = {isa = PBXBuildFile; fileRef = A7A1F7AB0F252B3C00E184E2 /* ByteArray.h */; settings = {ATTRIBUTES = (Private, ); }; }; 286 286 A7B48F490EE8936F00DCBDB6 /* ExecutableAllocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7B48DB60EE74CFC00DCBDB6 /* ExecutableAllocator.cpp */; }; 287 A7C2217810C7479400F97913 /* JSZombie.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7C2216B10C7469C00F97913 /* JSZombie.cpp */; }; 287 288 A7C530E4102A3813005BC741 /* MarkStackPosix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7C530E3102A3813005BC741 /* MarkStackPosix.cpp */; }; 288 289 A7D649AA1015224E009B2E1B /* PossiblyNull.h in Headers */ = {isa = PBXBuildFile; fileRef = A7D649A91015224E009B2E1B /* PossiblyNull.h */; settings = {ATTRIBUTES = (Private, ); }; }; … … 838 839 A7B48DB50EE74CFC00DCBDB6 /* ExecutableAllocator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExecutableAllocator.h; sourceTree = "<group>"; }; 839 840 A7B48DB60EE74CFC00DCBDB6 /* ExecutableAllocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExecutableAllocator.cpp; sourceTree = "<group>"; }; 841 A7C2216810C745E000F97913 /* JSZombie.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSZombie.h; sourceTree = "<group>"; }; 842 A7C2216B10C7469C00F97913 /* JSZombie.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSZombie.cpp; sourceTree = "<group>"; }; 840 843 A7C530E3102A3813005BC741 /* MarkStackPosix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MarkStackPosix.cpp; sourceTree = "<group>"; }; 841 844 A7D649A91015224E009B2E1B /* PossiblyNull.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PossiblyNull.h; sourceTree = "<group>"; }; … … 
1597 1600 F692A8860255597D01FF60F7 /* UString.h */, 1598 1601 1420BE7A10AA6DDB00F455D2 /* WeakRandom.h */, 1602 A7C2216810C745E000F97913 /* JSZombie.h */, 1603 A7C2216B10C7469C00F97913 /* JSZombie.cpp */, 1599 1604 ); 1600 1605 path = runtime; … … 2449 2454 1429DAE10ED2645B00B89619 /* WRECGenerator.cpp in Sources */, 2450 2455 1429DAC00ED263E700B89619 /* WRECParser.cpp in Sources */, 2456 A7C2217810C7479400F97913 /* JSZombie.cpp in Sources */, 2451 2457 ); 2452 2458 runOnlyForDeploymentPostprocessing = 0; -
trunk/JavaScriptCore/interpreter/Register.h
r48067 r51624 105 105 ALWAYS_INLINE Register::Register(JSValue v) 106 106 { 107 #if ENABLE(JSC_ZOMBIES) 108 ASSERT(!v.isZombie()); 109 #endif 107 110 u.value = JSValue::encode(v); 108 111 } -
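Review bot: The three-line guard `#if ENABLE(JSC_ZOMBIES)` / `ASSERT(!v.isZombie());` / `#endif` added to the Register(JSValue) constructor is repeated verbatim in ArgList.h (MarkedArgumentBuffer::append and the ArgList constructor) and at five places in JSValue.h. A single wrapper would keep the bottleneck code readable and make the guard harder to forget at a new site, for example `#define ASSERT_NOT_ZOMBIE(v) ASSERT(!(v).isZombie())` under the flag and an empty definition otherwise; that macro name is a suggestion, not an existing one. These are plain ASSERTs, so the zombie checks only fire in builds where assertions are compiled in.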
trunk/JavaScriptCore/runtime/ArgList.h
r48067 r51624 105 105 { 106 106 ASSERT(!m_isReadOnly); 107 107 108 #if ENABLE(JSC_ZOMBIES) 109 ASSERT(!v.isZombie()); 110 #endif 111 108 112 if (m_isUsingInlineBuffer && m_size < inlineCapacity) { 109 113 m_vector.uncheckedAppend(v); … … 188 192 , m_argCount(argCount) 189 193 { 194 #if ENABLE(JSC_ZOMBIES) 195 for (size_t i = 0; i < argCount; i++) 196 ASSERT(!m_args[i].isZombie()); 197 #endif 190 198 } 191 199 -
trunk/JavaScriptCore/runtime/Collector.cpp
r50833 r51624 33 33 #include "JSString.h" 34 34 #include "JSValue.h" 35 #include "JSZombie.h" 35 36 #include "MarkStack.h" 36 37 #include "Nodes.h" … … 195 196 sweep<PrimaryHeap>(); 196 197 // No need to sweep number heap, because the JSNumber destructor doesn't do anything. 197 198 #if ENABLE(JSC_ZOMBIES) 199 ASSERT(primaryHeap.numLiveObjects == primaryHeap.numZombies); 200 #else 198 201 ASSERT(!primaryHeap.numLiveObjects); 199 202 #endif 200 203 freeBlocks(&primaryHeap); 201 204 freeBlocks(&numberHeap); … … 1037 1040 if (cell->u.freeCell.zeroIfFree == 0) 1038 1041 continue; 1039 1042 #if ENABLE(JSC_ZOMBIES) 1043 if (!imp->isZombie()) { 1044 const ClassInfo* info = imp->classInfo(); 1045 imp->~JSCell(); 1046 new (imp) JSZombie(info, JSZombie::leakedZombieStructure()); 1047 heap.numZombies++; 1048 } 1049 #else 1040 1050 imp->~JSCell(); 1051 #endif 1041 1052 } 1042 1053 --numLiveObjects; 1054 #if !ENABLE(JSC_ZOMBIES) 1043 1055 --usedCells; 1044 --numLiveObjects;1045 1056 1046 1057 // put cell on the free list … … 1048 1059 cell->u.freeCell.next = freeList - (cell + 1); 1049 1060 freeList = cell; 1061 #endif 1050 1062 } 1051 1063 } … … 1060 1072 if (heapType != NumberHeap) { 1061 1073 JSCell* imp = reinterpret_cast<JSCell*>(cell); 1074 #if ENABLE(JSC_ZOMBIES) 1075 if (!imp->isZombie()) { 1076 const ClassInfo* info = imp->classInfo(); 1077 imp->~JSCell(); 1078 new (imp) JSZombie(info, JSZombie::leakedZombieStructure()); 1079 heap.numZombies++; 1080 } 1081 #else 1062 1082 imp->~JSCell(); 1083 #endif 1063 1084 } 1085 #if !ENABLE(JSC_ZOMBIES) 1064 1086 --usedCells; 1065 1087 --numLiveObjects; … … 1069 1091 cell->u.freeCell.next = freeList - (cell + 1); 1070 1092 freeList = cell; 1093 #endif 1071 1094 } 1072 1095 } -
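Review bot: The two sweep paths do not treat `numLiveObjects` the same way when JSC_ZOMBIES is on. In the first loop `--numLiveObjects;` sits above the new `#if !ENABLE(JSC_ZOMBIES)`, while in the second loop both `--usedCells;` and `--numLiveObjects;` are inside it, as far as the collapsed gutters on this page show. Heap::destroy now asserts `primaryHeap.numLiveObjects == primaryHeap.numZombies`, and a cell that is already a zombie still reaches the first loop's decrement on every later sweep, so that path looks able to push the live count below the zombie count. I would move `--numLiveObjects;` inside the `#if !ENABLE(JSC_ZOMBIES)` block in the first loop to match the second, and add a comment there that zombie cells are deliberately never returned to the free list. The sweep body starts and ends outside these hunks.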
trunk/JavaScriptCore/runtime/Collector.h
r49365 r51624 61 61 size_t numLiveObjectsAtLastCollect; 62 62 size_t extraCost; 63 #if ENABLE(JSC_ZOMBIES) 64 size_t numZombies; 65 #endif 63 66 64 67 OperationInProgress operationInProgress; -
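Review bot: `numZombies` is added with no visible initialisation, yet sweep increments it and Heap::destroy compares it with `numLiveObjects`. The struct's construction is outside this hunk, so please confirm the heap structure is zeroed before first use. A short comment on the field, such as `// Number of cells sweep() has replaced with a JSZombie.`, would also explain why destroy expects the two counts to match.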
trunk/JavaScriptCore/runtime/JSCell.h
r49955 r51624 43 43 friend class JSValue; 44 44 friend class JSAPIValueWrapper; 45 friend class JSZombie; 45 46 friend struct VPtrSet; 46 47 … … 91 92 92 93 virtual void markChildren(MarkStack&); 94 #if ENABLE(JSC_ZOMBIES) 95 virtual bool isZombie() const { return false; } 96 #endif 93 97 94 98 // Object operations, with the toObject operation included. … … 343 347 return cellBlock(c)->heap; 344 348 } 345 349 350 #if ENABLE(JSC_ZOMBIES) 351 inline bool JSValue::isZombie() const 352 { 353 return isCell() && asCell() && asCell()->isZombie(); 354 } 355 #endif 346 356 } // namespace JSC 347 357 -
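Review bot: `virtual bool isZombie() const` is declared only under `#if ENABLE(JSC_ZOMBIES)`, so JSCell's vtable layout depends on the flag and every translation unit that includes JSCell.h must see the same value of ENABLE_JSC_ZOMBIES. That deserves a comment at the declaration, for example `// Adds a vtable slot: ENABLE_JSC_ZOMBIES must be identical in every file that includes this header.` It is also worth documenting on JSValue::isZombie() that the check is itself a virtual call through the cell pointer. It therefore recognises only cells that sweep has rebuilt as a JSZombie, and a pointer into memory that was never a cell is not caught by it. The class body continues outside the hunks.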
trunk/JavaScriptCore/runtime/JSValue.h
r51334 r51624 169 169 uint32_t toUInt32(ExecState*, bool& ok) const; 170 170 171 #if ENABLE(JSC_ZOMBIES) 172 bool isZombie() const; 173 #endif 174 171 175 // Floating point conversions (this is a convenience method for webcore; 172 176 // signle precision float is not a representation used in JS or JSC). … … 439 443 JSValue v; 440 444 v.u.asEncodedJSValue = encodedJSValue; 445 #if ENABLE(JSC_ZOMBIES) 446 ASSERT(!v.isZombie()); 447 #endif 441 448 return v; 442 449 } … … 485 492 u.asBits.tag = EmptyValueTag; 486 493 u.asBits.payload = reinterpret_cast<int32_t>(ptr); 494 #if ENABLE(JSC_ZOMBIES) 495 ASSERT(!isZombie()); 496 #endif 487 497 } 488 498 … … 494 504 u.asBits.tag = EmptyValueTag; 495 505 u.asBits.payload = reinterpret_cast<int32_t>(const_cast<JSCell*>(ptr)); 506 #if ENABLE(JSC_ZOMBIES) 507 ASSERT(!isZombie()); 508 #endif 496 509 } 497 510 … … 794 807 : m_ptr(ptr) 795 808 { 809 #if ENABLE(JSC_ZOMBIES) 810 ASSERT(!isZombie()); 811 #endif 796 812 } 797 813 … … 799 815 : m_ptr(const_cast<JSCell*>(ptr)) 800 816 { 817 #if ENABLE(JSC_ZOMBIES) 818 ASSERT(!isZombie()); 819 #endif 801 820 } 802 821 -
trunk/JavaScriptCore/wtf/Platform.h
r51555 r51624 924 924 #define WTF_PLATFORM_CFNETWORK Error USE_macro_should_be_used_with_CFNETWORK 925 925 926 #define ENABLE_JSC_ZOMBIES 0 927 926 928 #endif /* WTF_Platform_h */
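Review bot: `#define ENABLE_JSC_ZOMBIES 0` is unconditional, so a build that sets the flag from the compiler command line or a port's configuration gets a redefinition instead of an override. Wrapping it as `#if !defined(ENABLE_JSC_ZOMBIES)` / `#define ENABLE_JSC_ZOMBIES 0` / `#endif` avoids that. A comment next to it should say that with the flag on, the collector no longer puts swept cells back on the free list (see the `#if !ENABLE(JSC_ZOMBIES)` blocks in Collector.cpp). That makes the setting a debugging aid for use-after-collection bugs, not something to ship enabled.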