Changeset 295624 in webkit for trunk/Source/JavaScriptCore/heap/Heap.h

Timestamp:

Jun 16, 2022, 7:20:29 PM (3 years ago)

Author:

[email protected]

Message:

The extraMemorySize() get wrong when transferring ArrayBuffer from Worker VM
​https://bugs.webkit.org/show_bug.cgi?id=241559

Reviewed by Yusuke Suzuki.

When ArrayBuffer is passed in the transfer option of postMessage(), the size cached in
heap.m_arrayBuffers get incorrect and that makes extraMemorySize() bigger than actual
managed size.

This patch added the code to reduce size from GCIncomingRefCountedSet.m_bytes when
ArrayBuffer is actually transferring from VM.

Also for verification, added a simple check code in GCIncomingRefCountedSet.addReference
with constexpr flag.

• Source/JavaScriptCore/heap/GCIncomingRefCountedSet.h:
• Source/JavaScriptCore/heap/GCIncomingRefCountedSetInlines.h:

(JSC::GCIncomingRefCountedSet<T>::sweep):
(JSC::GCIncomingRefCountedSet<T>::reduceSize):

• Source/JavaScriptCore/heap/Heap.cpp:

(JSC::Heap::reduceArrayBufferSize):

• Source/JavaScriptCore/heap/Heap.h:
• Source/JavaScriptCore/runtime/ArrayBuffer.cpp:

(JSC::ArrayBuffer::transferTo):

Canonical link: ​https://commits.webkit.org/251629@main

File:

• trunk/Source/JavaScriptCore/heap/Heap.h (modified) (1 diff)

trunk/Source/JavaScriptCore/heap/Heap.h

@@ -440 +440 @@
     
     void addReference(JSCell*, ArrayBuffer*);
+    void reduceArrayBufferSize(size_t bytes);
     
     bool isDeferred() const { return !!m_deferralDepth; }