source: webkit/trunk/JavaScriptCore/runtime/JSNotAnObject.cpp@ 47601

Last change on this file since 47601 was 47022, checked in by [email protected], 16 years ago

Stack overflow crash in JavaScript garbage collector mark pass
https://bugs.webkit.org/show_bug.cgi?id=12216

Reviewed by Gavin Barraclough and Sam Weinig

Make the GC mark phase iterative by using an explicit mark stack.
To do this, marking any single object is now performed in multiple stages:

  • The object is appended to the MarkStack; this sets the marked bit for the object using the new markDirect() function and then returns.
  • When the MarkStack is drain()ed, the object is popped off the stack and markChildren(MarkStack&) is called on it to collect all of its children. drain() then repeats until the stack is empty.

Additionally, I renamed a number of methods from 'mark' to 'markAggregate'
to make it clearer that marking those objects would not
result in an actual recursive mark.

1/*
2 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29
30#include "config.h"
31#include "JSNotAnObject.h"
32
33#include <wtf/UnusedParam.h>
34
namespace JSC {

ASSERT_CLASS_FITS_IN_CELL(JSNotAnObject);

// Shared invariant: every method below that takes an ExecState asserts that an
// exception is already pending on exec and that it is this object's m_exception.
// NOTE(review): ASSERT_UNUSED is presumably a debug-only check that only marks
// exec as used in release builds (confirm in wtf/Assertions.h). If so, release
// builds do not enforce the invariant and depend on the inert return values
// below (false, NaN, "", or the exception itself).

// ---- JSValue conversions ----

// Hands back the pending exception as the "primitive"; the preferred type is ignored.
JSValue JSNotAnObject::toPrimitive(ExecState* exec, PreferredPrimitiveType) const
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return m_exception;
}

// Always reports failure; neither output parameter is written.
bool JSNotAnObject::getPrimitiveNumber(ExecState* exec, double&, JSValue&)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return false;
}

// Boolean conversion of the placeholder is always false.
bool JSNotAnObject::toBoolean(ExecState* exec) const
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return false;
}

// Numeric conversion of the placeholder is always NaN.
double JSNotAnObject::toNumber(ExecState* exec) const
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return NaN;
}

// String conversion of the placeholder is always the empty string.
UString JSNotAnObject::toString(ExecState* exec) const
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return "";
}

// Object conversion yields the pending exception rather than this placeholder.
JSObject* JSNotAnObject::toObject(ExecState* exec) const
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return m_exception;
}

// ---- Garbage-collector marking ----

// Lets the base class queue its own children, then queues m_exception.
// m_exception is handed out by toPrimitive() and toObject(), so it must stay
// reachable for as long as this cell is; dropping the append would let the
// collector free an object this cell still returns to callers.
// The mark pass is iterative (WebKit bug 12216): append() queues the object on
// the explicit mark stack instead of recursing into it.
void JSNotAnObject::markChildren(MarkStack& markStack)
{
    JSObject::markChildren(markStack);
    markStack.append(m_exception);
}

// ---- JSObject property access ----

// Named lookup: the placeholder exposes no properties, so the slot is left untouched.
bool JSNotAnObject::getOwnPropertySlot(ExecState* exec, const Identifier&, PropertySlot&)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return false;
}

// Indexed lookup: same as the named overload, nothing is found.
bool JSNotAnObject::getOwnPropertySlot(ExecState* exec, unsigned, PropertySlot&)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return false;
}

// Named store: silently discarded.
void JSNotAnObject::put(ExecState* exec, const Identifier&, JSValue, PutPropertySlot&)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
}

// Indexed store: silently discarded.
void JSNotAnObject::put(ExecState* exec, unsigned, JSValue)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
}

// Named delete: nothing to remove, reports false.
bool JSNotAnObject::deleteProperty(ExecState* exec, const Identifier&)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return false;
}

// Indexed delete: nothing to remove, reports false.
bool JSNotAnObject::deleteProperty(ExecState* exec, unsigned)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
    return false;
}

// Enumeration: contributes no names to the array.
void JSNotAnObject::getPropertyNames(ExecState* exec, PropertyNameArray&)
{
    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
}

} // namespace JSC