Changeset 189553 in webkit for trunk/Source/JavaScriptCore/heap/Heap.cpp

Timestamp:

Sep 9, 2015, 3:00:58 PM (10 years ago)

Author:

[email protected]

Message:

2015-09-09 Geoffrey Garen <​[email protected]>

Unreviewed, rolling back in r189516.
​https://bugs.webkit.org/show_bug.cgi?id=148989

Restored changeset:

"GC should be able to discover new strong CodeBlock references
during marking"
​https://bugs.webkit.org/show_bug.cgi?id=148981
​http://trac.webkit.org/changeset/189516

This patch caused infinite recursion on Windows because of a pre-existing
logical error in the non-parallel GC configuration. Even in non-parallel
GC, we must set the mark bit on a CodeBlock to avoid marking it twice
(or, in the case of our crash, infinitely recursively).

File:

• trunk/Source/JavaScriptCore/heap/Heap.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/heap/Heap.cpp

@@ -526 +526 @@
 
 #if ENABLE(DFG_JIT)
-    DFG::clearCodeBlockMarks(*m_vm, m_codeBlocks);
+    DFG::clearCodeBlockMarks(*m_vm);
 #endif
     if (m_operationInProgress == EdenCollection)
@@ -662 +662 @@
 #if ENABLE(DFG_JIT)
     for (auto worklist : m_suspendedCompilerWorklists)
-        worklist->visitWeakReferences(m_slotVisitor, m_codeBlocks);
+        worklist->visitWeakReferences(m_slotVisitor);
 
     if (Options::logGC() == GCLogging::Verbose)
@@ -769 +769 @@
         harvestWeakReferences();
         visitCompilerWorklistWeakReferences();
-        m_codeBlocks.traceMarked(m_slotVisitor); // New "executing" code blocks may be discovered.
         if (m_slotVisitor.isEmpty())
             break;