Changeset 118093 in webkit for trunk/Source/JavaScriptCore/heap/CopiedSpace.h

Timestamp:

May 22, 2012, 6:28:03 PM (13 years ago)

Author:

[email protected]

Message:

CopiedSpace::contains doesn't check for oversize blocks
​https://bugs.webkit.org/show_bug.cgi?id=87180

Reviewed by Geoffrey Garen.

When doing a conservative scan we use CopiedSpace::contains to determine if a particular
address points into the CopiedSpace. Currently contains() only checks if the address
points to a block in to-space, which means that pointers to oversize blocks may not get scanned.

• heap/CopiedSpace.cpp:

(JSC::CopiedSpace::tryAllocateOversize):
(JSC::CopiedSpace::tryReallocateOversize):
(JSC::CopiedSpace::doneFillingBlock):
(JSC::CopiedSpace::doneCopying):

• heap/CopiedSpace.h: Refactored CopiedSpace so that all blocks (oversize and to-space) are

in a single hash set and bloom filter for membership testing.
(CopiedSpace):

• heap/CopiedSpaceInlineMethods.h:

(JSC::CopiedSpace::contains): We check for the normal block first. Since the oversize blocks are
only page aligned, rather than block aligned, we have to re-mask the ptr to check if it's in
CopiedSpace. Also added a helper function of the same name that takes a CopiedBlock* and checks
if it's in CopiedSpace so that check isn't typed out twice.
(JSC):
(JSC::CopiedSpace::startedCopying):
(JSC::CopiedSpace::addNewBlock):

File:

• trunk/Source/JavaScriptCore/heap/CopiedSpace.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/heap/CopiedSpace.h

@@ -65 +65 @@
     bool isPinned(void*);
 
+    bool contains(CopiedBlock*);
     bool contains(void*, CopiedBlock*&);
 
@@ -97 +98 @@
     CopiedAllocator m_allocator;
 
-    TinyBloomFilter m_toSpaceFilter;
-    TinyBloomFilter m_oversizeFilter;
-    HashSet<CopiedBlock*> m_toSpaceSet;
+    TinyBloomFilter m_blockFilter;
+    HashSet<CopiedBlock*> m_blockSet;
 
     Mutex m_toSpaceLock;