
Last change on this file since 47022 was 47022, checked in by [email protected], 16 years ago

Stack overflow crash in JavaScript garbage collector mark pass
https://bugs.webkit.org/show_bug.cgi?id=12216

Reviewed by Gavin Barraclough and Sam Weinig

Make the GC mark phase iterative by using an explicit mark stack.
To do this marking any single object is performed in multiple stages

  • The object is appended to the MarkStack, this sets the marked bit for the object using the new markDirect() function, and then returns
  • When the MarkStack is drain()ed the object is popped off the stack and markChildren(MarkStack&) is called on the object to collect all of its children. drain() then repeats until the stack is empty.

Additionally I renamed a number of methods from 'mark' to 'markAggregate'
in order to make it clearer that marking those objects was not
going to result in an actual recursive mark.

1/*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "SmallStrings.h"
28
29#include "JSGlobalObject.h"
30#include "JSString.h"
31
32#include <wtf/Noncopyable.h>
33
34namespace JSC {
// Number of single-character strings that are cached: one slot per value of an
// unsigned char, which is also what indexes the tables below.
static const unsigned numCharactersToStore = 256;
36
// Backing store for the single-character string reps. Every rep is a
// one-character slice of a single shared UString::BaseString whose buffer
// holds each unsigned char value at its own index.
class SmallStringsStorage : public Noncopyable {
public:
    SmallStringsStorage();

    // Returns the rep for the one-character string made of 'character'.
    // The pointer refers to a member array, so it stays valid for as long as
    // this storage object does. Taking an unsigned char keeps the index
    // inside the table without an explicit range check (assumes 8-bit chars).
    UString::Rep* rep(unsigned char character) { return m_reps + character; }

private:
    UChar m_characters[numCharactersToStore];  // m_characters[c] == c, filled by the constructor
    UString::BaseString m_base;                // shared base string over m_characters
    UString::Rep m_reps[numCharactersToStore]; // one length-1 rep per index into m_base
};
48
// Builds the shared base string and the 256 one-character reps over it.
SmallStringsStorage::SmallStringsStorage()
    : m_base(m_characters, numCharactersToStore)
{
    // rc is presumably the base string's reference count: each rep below holds
    // one, and the extra one means the reps alone can never bring it to zero.
    m_base.rc = numCharactersToStore + 1;
    // make sure UString doesn't try to reuse the buffer by pretending we have one more character in it
    m_base.usedCapacity = numCharactersToStore + 1;
    m_base.capacity = numCharactersToStore + 1;
    m_base.checkConsistency();

    // The buffer holds every unsigned char value in order, so index == character.
    for (unsigned c = 0; c < numCharactersToStore; ++c)
        m_characters[c] = static_cast<UChar>(c);

    // Start from all-zero reps, then describe each as a length-1 slice of m_base.
    memset(m_reps, 0, sizeof(m_reps));
    for (unsigned c = 0; c < numCharactersToStore; ++c) {
        UString::Rep& current = m_reps[c];
        current.offset = c;
        current.len = 1;
        current.rc = 1;
        current.setBaseString(&m_base);
        current.checkConsistency();
    }
}
70
// Starts with no cached strings and no backing storage; both are created on
// demand by createEmptyString() / createSingleCharacterString().
SmallStrings::SmallStrings()
    : m_emptyString(0)
    , m_storage(0)
{
    // The table declared in the header must have exactly numCharactersToStore
    // slots, because every loop in this file uses that constant as its bound.
    COMPILE_ASSERT(numCharactersToStore == sizeof(m_singleCharacterStrings) / sizeof(m_singleCharacterStrings[0]), IsNumCharactersConstInSyncWithClassUsage);

    unsigned remaining = numCharactersToStore;
    while (remaining--)
        m_singleCharacterStrings[remaining] = 0;
}
80
// Empty, but deliberately defined out of line: presumably so that the
// OwnPtr-like m_storage member is destroyed here, where SmallStringsStorage is
// a complete type (it is only defined in this file).
SmallStrings::~SmallStrings()
{
}
84
// GC mark-phase hook: marks the cached empty string and every cached
// single-character string that has been created, skipping cells that are
// already marked. Uses markCellDirect(), i.e. it only sets the mark bit and
// never recurses — in line with this revision's switch to an explicit mark
// stack (see the commit message above).
void SmallStrings::mark()
{
    if (m_emptyString && !m_emptyString->marked())
        m_emptyString->markCellDirect();

    for (unsigned i = 0; i < numCharactersToStore; ++i) {
        JSString* string = m_singleCharacterStrings[i];
        if (!string || string->marked())
            continue;
        string->markCellDirect();
    }
}
94
// Returns how many cached strings currently exist: the empty string (if
// created) plus each single-character string that has been created.
unsigned SmallStrings::count() const
{
    unsigned created = m_emptyString ? 1 : 0;
    for (unsigned i = 0; i < numCharactersToStore; ++i)
        created += m_singleCharacterStrings[i] ? 1 : 0;
    return created;
}
106
// Allocates the cached empty JSString in globalData's heap. Must be called at
// most once per SmallStrings (asserted). HasOtherOwner presumably tells
// JSString that its rep is owned elsewhere — confirm against JSString.h.
void SmallStrings::createEmptyString(JSGlobalData* globalData)
{
    ASSERT(!m_emptyString);
    JSString* empty = new (globalData) JSString(globalData, "", JSString::HasOtherOwner);
    m_emptyString = empty;
}
112
// Allocates the cached JSString for 'character' in globalData's heap, backed
// by the shared rep from SmallStringsStorage. Must not be called twice for the
// same character (asserted). The unsigned char parameter bounds the table
// index by type, so no explicit range check is needed.
void SmallStrings::createSingleCharacterString(JSGlobalData* globalData, unsigned char character)
{
    ASSERT(!m_singleCharacterStrings[character]);
    // singleCharacterStringRep() creates m_storage on first use, so the lazy
    // initialisation of the storage lives there rather than being repeated here.
    UString::Rep* rep = singleCharacterStringRep(character);
    m_singleCharacterStrings[character] = new (globalData) JSString(globalData, rep, JSString::HasOtherOwner);
}
120
// Returns the shared one-character rep for 'character', creating the backing
// SmallStringsStorage on the first request. The rep is owned by m_storage and
// lives as long as this SmallStrings object does.
UString::Rep* SmallStrings::singleCharacterStringRep(unsigned char character)
{
    if (m_storage)
        return m_storage->rep(character);

    m_storage.set(new SmallStringsStorage);
    return m_storage->rep(character);
}
127
128} // namespace JSC