Changeset 111973 in webkit for trunk/Source/JavaScriptCore/heap/CopiedSpace.cpp

Timestamp:

Mar 23, 2012, 8:11:45 PM (13 years ago)

Author:

[email protected]

Message:

tryReallocate could break the zero-ed memory invariant of CopiedBlocks
​https://bugs.webkit.org/show_bug.cgi?id=82087

Reviewed by Filip Pizlo.

Removing this optimization turned out to be ~1% regression on kraken, so I simply
undid the modification to the current block if we fail.

• heap/CopiedSpace.cpp:

(JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
to reallocate from the current block.

File:

• trunk/Source/JavaScriptCore/heap/CopiedSpace.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/heap/CopiedSpace.cpp

@@ -101 +101 @@
 
     if (m_allocator.wasLastAllocation(oldPtr, oldSize)) {
-        m_allocator.resetLastAllocation(oldPtr);
-        if (m_allocator.fitsInCurrentBlock(newSize))
-            return m_allocator.allocate(newSize);
+        size_t delta = newSize - oldSize;
+        if (m_allocator.fitsInCurrentBlock(delta)) {
+            (void)m_allocator.allocate(delta);
+            return true;
+        }
     }