Context Navigation

Changeset 86974 in webkit

Timestamp:

May 20, 2011 12:06:29 PM (13 years ago)

Author:

commit-queue@webkit.org

Message:

2011-05-20 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>

Reviewed by Oliver Hunt.

Zombies should "live" forever
https://bugs.webkit.org/show_bug.cgi?id=61170

Reusing zombie cells could still hide garbage
collected cell related bugs.

Location:

trunk/Source/JavaScriptCore

Files:

-                      r86972
+                      r86974
+-05-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+        Reviewed by Oliver Hunt.
+        Zombies should "live" forever
+        https://bugs.webkit.org/show_bug.cgi?id=61170
+        Reusing zombie cells could still hide garbage
+        collected cell related bugs.
+        * JavaScriptCore.pro:
+        * heap/MarkedBlock.cpp:
+        (JSC::MarkedBlock::clearMarks):
+        * heap/MarkedBlock.h:
+        * heap/MarkedSpace.cpp:
+        (JSC::MarkedSpace::destroy):
+        * runtime/JSCell.h:
+        (JSC::JSCell::JSValue::isZombie):
+        * runtime/JSZombie.h:
+        (JSC::JSZombie::~JSZombie):
+        * runtime/WriteBarrier.h:
+        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
 -05-20  Brady Eidson  <beidson@apple.com>

-                      r85855
+                      r86974
     assembler/ARMv7Assembler.cpp \
     assembler/MacroAssemblerARM.cpp \
-    assembler/MacroAssemblerSH4.h \
     assembler/MacroAssemblerSH4.cpp \
-    assembler/SH4Assembler.h \
     bytecode/CodeBlock.cpp \
     bytecode/JumpTable.cpp \
 …
     runtime/JSVariableObject.cpp \
     runtime/JSWrapperObject.cpp \
+    runtime/JSZombie.cpp \
     runtime/LiteralParser.cpp \
     runtime/Lookup.cpp \

-                      r86499
+                      r86974
+}
+#if ENABLE(JSC_ZOMBIES)
+void MarkedBlock::clearMarks()
+{
+    /* Keep our precious zombies! */
+    for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
+        if (m_marks.get(i))
+            continue;
+        JSCell* cell = reinterpret_cast<JSCell*>(&atoms()[i]);
+        if (!cell->isZombie())
+            m_marks.clear(i);
+    }
+}
+#endif
 } // namespace JSC

r85533	r86974
155	155	}
156	156
	157	#if !ENABLE(JSC_ZOMBIES)
157	158	inline void MarkedBlock::clearMarks()
158	159	{
159	160	m_marks.clearAll();
160	161	}
	162	#endif
161	163
162	164	inline size_t MarkedBlock::markCount()

-                      r86499
+                      r86974
 void MarkedSpace::destroy()
+{
+    /* Keep our precious zombies! */
+#if !ENABLE(JSC_ZOMBIES)
     clearMarks();
     shrink();
     ASSERT(!size());
+#endif
+}

r86499	r86974
356	356	return MarkedSpace::heap(c);
357	357	}
358
	358
359	359	#if ENABLE(JSC_ZOMBIES)
360	360	inline bool JSValue::isZombie() const
361	361	{
362		return isCell() && asCell() ~~> (JSCell*)0x1ffffffffL && asCell()~~->isZombie();
	362	return isCell() && asCell()->isZombie();
363	363	}
364	364	#endif

-                      r84556
+                      r86974
+    }
+    ~JSZombie()
+    {
+        /* Zombie cells should never been reused. */
+        ASSERT_NOT_REACHED();
+    }
     virtual bool isZombie() const { return true; }

r86499	r86974
130	130	this->m_cell = reinterpret_cast<JSCell*>(value);
131	131	#if ENABLE(JSC_ZOMBIES)
132		ASSERT(!m_cell \|\| !isZombie(m_cell));
	132	ASSERT(!m_cell \|\| value == reinterpret_cast<T*>(1) \|\| !isZombie(m_cell));
133	133	#endif
134	134	}

Note: See TracChangeset for help on using the changeset viewer.