Timestamp:
Sep 6, 2012, 10:53:25 PM
Author:
[email protected]
Message:

JSC should have a zombie mode
https://bugs.webkit.org/show_bug.cgi?id=96047

Reviewed by Geoffrey Garen.

To aid clients of JSC while they are debugging memory issues, we should add a zombie
mode that scribbles into objects in the MarkedSpace after they are found to be dead
to prevent a sort of "use after free" situation. As a first cut we should support a
mode that just scribbles on objects prior to their being reused (i.e. while they are
"zombies") and a mode in which, in addition to scribbling on zombies, once an object
has been marked its mark bit will never be cleared, thus giving us "immortal" zombies.

These two modes will be enabled through the use of environment variables. For now these
will be "JSZombieEnabled" and "JSImmortalZombieEnabled". Setting them to any value will
result in the use of the appropriate mode.

  • heap/Heap.cpp:

(JSC::Heap::collect): Zombifies dead objects at the end of collection if zombie mode is enabled.
(ZombifyCellFunctor):
(JSC::ZombifyCellFunctor::ZombifyCellFunctor): Sets marked bits for dead objects if in immortal mode and writes 0xbbadbeef into them.
(JSC::ZombifyCellFunctor::operator()):
(JSC):
(ZombifyBlockFunctor):
(JSC::ZombifyBlockFunctor::operator()):
(JSC::Heap::zombifyDeadObjects): Eagerly sweeps so that we don't write garbage into an object before it
is finalized/destroyed.

  • heap/Heap.h:

(Heap):

  • heap/MarkedBlock.h:

(MarkedBlock):
(JSC::MarkedBlock::forEachDeadCell): Used to iterate over dead cells at the end of collection if zombie mode is enabled.
(JSC):

  • runtime/Options.cpp:

(JSC::Options::initialize):

  • runtime/Options.h:

(JSC):
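The two modes the commit message describes, as an added worked example that is not JavaScriptCore's own code: a toy mark-sweep heap whose Cell, Options, ZombieHeap class, optionsFromEnvironment() and the two scenario helpers are all invented here. It shows why scribbling 0xbbadbeef turns a silent use-after-free read into something an assertion or debugger check can detect, and why the immortal variant additionally guarantees that a dead slot is never handed out again, at the cost of never reclaiming memory.

```cpp
// Added illustration, not JavaScriptCore code: a toy mark-sweep heap with the zombie
// behaviour the changeset describes. Cell, Options, ZombieHeap and both scenario
// helpers are invented for this example.
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

static const uint32_t kZombiePattern = 0xbbadbeef; // scribble value named in the commit message
static const size_t kCellWords = 4;                // 16-byte cells, chosen for the example
struct Cell { uint32_t words[kCellWords]; };

struct Options { // immortal implies zombie, as the Options.cpp hunk derives it
    bool useZombieMode;
    bool zombiesAreImmortal;
    explicit Options(bool zombie = false, bool immortal = false)
        : useZombieMode(zombie || immortal), zombiesAreImmortal(immortal) {}
};

inline Options optionsFromEnvironment() // same wiring and variable names as the hunk
{
    bool immortal = !!std::getenv("JSImmortalZombieEnabled");
    return Options(immortal || !!std::getenv("JSZombieEnabled"), immortal);
}

class ZombieHeap {
public:
    ZombieHeap(size_t cellCount, Options options)
        : m_cells(cellCount), m_marked(cellCount, false), m_live(cellCount, false), m_options(options) {}

    // Hand out a cell that is not live and (in immortal mode) not permanently marked.
    Cell* allocate()
    {
        for (size_t i = 0; i < m_cells.size(); ++i) {
            if (m_live[i] || m_marked[i]) continue;
            m_live[i] = true;
            std::memset(&m_cells[i], 0, sizeof(Cell));
            return &m_cells[i];
        }
        return nullptr; // heap exhausted
    }

    void mark(Cell* cell) { m_marked[cell - &m_cells[0]] = true; }

    // Unmarked live cells die. Plain mode leaves their bytes intact, so a stale pointer
    // reads the old payload; zombie mode scribbles them; immortal mode also sets their
    // mark bit and never clears any mark bit again, so the slot can never be reused.
    void collect()
    {
        for (size_t i = 0; i < m_cells.size(); ++i) {
            if (m_live[i] && !m_marked[i]) {
                m_live[i] = false;
                if (m_options.useZombieMode) zombify(i);
            }
            if (!m_options.zombiesAreImmortal) m_marked[i] = false; // normal GC resets marks
        }
    }

    // The check a debugger or assertion would run: does the cell hold only the scribble?
    static bool isZombie(const Cell* cell)
    {
        for (size_t w = 0; w < kCellWords; ++w)
            if (cell->words[w] != kZombiePattern) return false;
        return true;
    }

private:
    void zombify(size_t i)
    {
        for (size_t w = 0; w < kCellWords; ++w) m_cells[i].words[w] = kZombiePattern;
        if (m_options.zombiesAreImmortal) m_marked[i] = true; // this mark is now permanent
    }

    std::vector<Cell> m_cells;
    std::vector<bool> m_marked;
    std::vector<bool> m_live;
    Options m_options;
};

// Scenario 1: drop a reference, collect, then read through the stale pointer.
// Returns true when the stale read sees the zombie pattern instead of the old payload.
inline bool staleReadSeesZombie(Options options)
{
    ZombieHeap heap(4, options);
    Cell* keep = heap.allocate();
    Cell* dropped = heap.allocate();
    dropped->words[0] = 0x12345678; // payload a use-after-free would otherwise still read
    heap.mark(keep);                // only `keep` is reachable this cycle
    heap.collect();
    return ZombieHeap::isZombie(dropped);
}

// Scenario 2: is the dead slot handed back to the next allocation? In immortal mode it
// must not be, so a stale pointer can never alias a freshly allocated object.
inline bool deadSlotReused(Options options)
{
    ZombieHeap heap(2, options);
    Cell* keep = heap.allocate();
    Cell* dropped = heap.allocate();
    heap.mark(keep);
    heap.collect();
    return heap.allocate() == dropped;
}
```

The useful property for a memory-bug hunt is the second scenario: in plain zombie mode the scribbled slot is recycled on the next allocation, so a stale pointer can still end up aliasing a new object and the 0xbbadbeef pattern is only visible in the window between collection and reuse; the immortal mode closes that window by never clearing a mark bit, which is why it is a debugging-only setting.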

Location:
trunk/Source/JavaScriptCore/runtime
Files:
2 edited

  • trunk/Source/JavaScriptCore/runtime/Options.cpp

    r127719 r127829  
    147147#endif
    148148
     149#if USE(CF) || OS(UNIX)
     150    zombiesAreImmortal() = !!getenv("JSImmortalZombieEnabled");
     151    useZombieMode() = zombiesAreImmortal() || !!getenv("JSZombieEnabled");
     152#endif
     153
    149154    // Do range checks where needed and make corrections to the options:
    150155    ASSERT(thresholdForOptimizeAfterLongWarmUp() >= thresholdForOptimizeAfterWarmUp());
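Review bot: the new block assigns rather than combines, so `zombiesAreImmortal() = !!getenv("JSImmortalZombieEnabled");` and the line after it overwrite whatever value `initialize()` gave these two options earlier, and because the whole block sits under `#if USE(CF) || OS(UNIX)` a port outside that guard ignores both variables silently, with no diagnostic. Suggest OR-ing the environment result into the existing value (`useZombieMode() = useZombieMode() || zombiesAreImmortal() || !!getenv("JSZombieEnabled");`) or at least documenting next to the declarations that JSZombieEnabled and JSImmortalZombieEnabled are honoured only on CF and Unix builds. A comment that both are debugging aids would also help: the message says immortal mode never clears a mark bit once set, so a process running with JSImmortalZombieEnabled never reclaims dead cells and grows until it exits.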
  • trunk/Source/JavaScriptCore/runtime/Options.h

    r127719 r127829  
    119119    \
    120120    v(bool, forceWeakRandomSeed, false) \
    121     v(unsigned, forcedWeakRandomSeed, 0)
     121    v(unsigned, forcedWeakRandomSeed, 0) \
     122    \
     123    v(bool, useZombieMode, false) \
     124    v(bool, zombiesAreImmortal, false)
    122125
    123126
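Review bot: the two new entries are added without any comment, and since `zombiesAreImmortal` is only meaningful together with `useZombieMode` (Options.cpp derives the latter from the former) a one-line note above `v(bool, useZombieMode, false) \` saying that both are debug-only and that immortal implies zombie would spare the next reader a trip to Options.cpp. The added trailing backslash on the `forcedWeakRandomSeed` line is correct, as that entry is no longer the last in the macro list, and `zombiesAreImmortal` correctly carries none.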