Changeset 31787 in webkit for trunk/JavaScriptCore/kjs


Timestamp:
Apr 10, 2008, 3:51:33 PM
Author:
[email protected]
Message:

Fix https://bugs.webkit.org/show_bug.cgi?id=18367 and the many dupes.
Bug 18367: Crash during celtic kane js speed 2007 test

Reviewed by Maciej Stachowiak.

GCC 4.2 on x86_64 Linux decided to reorder the local variables in markCurrentThreadConservatively's
stack frame. This led to the range of addresses the collector treated as stack to exclude the
contents of volatile registers that markCurrentThreadConservatively forces onto the stack. This was
leading to objects being prematurely collected if the only reference to them was via a register at
the time a collection occurred.

The fix for this is to move the calculation of the top of the stack into a NEVER_INLINE function
that is called from markCurrentThreadConservatively. This forces the dummy variable we use for
determining the top of stack to be in a different stack frame which prevents the compiler from
reordering it relative to the registers that markCurrentThreadConservatively forces onto the stack.

  • kjs/collector.cpp:

(KJS::Collector::markCurrentThreadConservativelyInternal):
(KJS::Collector::markCurrentThreadConservatively):

  • kjs/collector.h:
Location:
trunk/JavaScriptCore/kjs
Files:
2 edited
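As an added example, not code from this changeset or from JavaScriptCore: a miniature conservative stack scanner in C++ that reproduces the pattern the message describes and adds the check a reviewer would want, namely whether the scanned range actually covers the spilled registers. The toy heap, the setjmp-based register spill (a stand-in for whatever the real markCurrentThreadConservatively does inside the `#if`/`#endif` block the diff only shows the end of), the stackBase handling, and every name other than markCurrentThreadConservatively, markCurrentThreadConservativelyInternal and markStackObjectsConservatively are assumptions made for the example.

```cpp
// Added example, not JavaScriptCore code. Everything below except the three
// function names taken from the changeset is an assumption of this example.
#include <setjmp.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

#define NEVER_INLINE __attribute__((noinline))   // assumed GCC/Clang spelling

struct Cell { int marked; };
static Cell heap[8];                           // constructed toy heap: eight cells
static void* stackBase = nullptr;              // stand-in for currentThreadStackBase()
static uintptr_t lastScanLo = 0;               // lowest address the last scan started from
static uintptr_t regDumpLo = 0, regDumpHi = 0; // where the last register spill was written

static void resetMarks() { for (size_t i = 0; i < 8; ++i) heap[i].marked = 0; }

// Conservative scan of [start, end): any aligned word that falls inside the heap
// array marks the cell it points into. False positives are accepted by design.
static void markStackObjectsConservatively(void* start, void* end) {
    uintptr_t lo = reinterpret_cast<uintptr_t>(start);
    uintptr_t hi = reinterpret_cast<uintptr_t>(end);
    if (lo > hi) { uintptr_t t = lo; lo = hi; hi = t; }
    lo &= ~static_cast<uintptr_t>(sizeof(void*) - 1);
    const uintptr_t heapLo = reinterpret_cast<uintptr_t>(heap);
    const uintptr_t heapHi = heapLo + sizeof heap;
    for (uintptr_t p = lo; p + sizeof(void*) <= hi; p += sizeof(void*)) {
        uintptr_t word;
        std::memcpy(&word, reinterpret_cast<void*>(p), sizeof word);
        if (word >= heapLo && word < heapHi)
            heap[(word - heapLo) / sizeof(Cell)].marked = 1;
    }
}

// The fixed pattern: the marker lives in its own, never-inlined frame, which the
// compiler cannot interleave with the caller's locals. On a downward-growing stack
// it therefore always sits below the caller's frame, so the scan covers that frame.
NEVER_INLINE static void markCurrentThreadConservativelyInternal() {
    void* dummy;
    lastScanLo = reinterpret_cast<uintptr_t>(&dummy);
    markStackObjectsConservatively(&dummy, stackBase);
}

NEVER_INLINE static void markCurrentThreadConservatively() {
    jmp_buf regs;                 // setjmp spills callee-saved registers into this frame
    setjmp(regs);
    regDumpLo = reinterpret_cast<uintptr_t>(&regs);
    regDumpHi = regDumpLo + sizeof regs;
    markCurrentThreadConservativelyInternal();   // must run after the spill, in a deeper frame
    std::memset(regs, 0, sizeof regs);           // keeps regs in use after the call, so the
                                                 // compiler cannot tail-call the helper and
                                                 // reuse this frame underneath the scan
}

// The pre-fix layout: marker and register spill share one frame, so whether
// [&dummy, stackBase] includes regs depends on how the compiler orders the locals.
NEVER_INLINE static bool naiveLayoutCoversRegisters() {
    jmp_buf regs;
    setjmp(regs);
    void* dummy;
    return reinterpret_cast<uintptr_t>(&dummy) <= reinterpret_cast<uintptr_t>(&regs);
}

struct Result { bool cell3Marked; bool fixedCoversRegisters; bool naiveCoversRegisters; };

NEVER_INLINE static Result scenario() {
    Cell* volatile keep = &heap[3];   // the only reference to cell 3, held in this frame
    markCurrentThreadConservatively();
    Result r;
    r.cell3Marked = keep->marked == 1;
    r.fixedCoversRegisters = lastScanLo <= regDumpLo
                          && regDumpHi <= reinterpret_cast<uintptr_t>(stackBase);
    r.naiveCoversRegisters = naiveLayoutCoversRegisters();
    return r;
}

// Entry point. The base must be captured in a frame above everything that gets scanned.
Result runDemo() {
    void* base;
    stackBase = &base;
    resetMarks();
    return scenario();
}

int main() {
    Result r = runDemo();
    std::printf("cell 3 marked: %d\nfixed layout covers register spill: %d\n"
                "pre-fix layout covers register spill: %d\n",
                r.cell3Marked, r.fixedCoversRegisters, r.naiveCoversRegisters);
    return 0;
}
```

Build with `g++ -O2` or `clang++ -O2` and try a couple of optimisation levels: `naiveCoversRegisters` is the compiler-dependent outcome the changeset is about, while the fixed layout covers the spill area regardless of how the caller's locals are ordered, and cell 3 stays marked because the scan reaches the frame that holds the only pointer to it.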

  • trunk/JavaScriptCore/kjs/collector.cpp

    r31167 r31787  
    529529}
    530530
     531void NEVER_INLINE Collector::markCurrentThreadConservativelyInternal()
     532{
     533    void* dummy;
     534    void* stackPointer = &dummy;
     535    void* stackBase = currentThreadStackBase();
     536    markStackObjectsConservatively(stackPointer, stackBase);
     537}
     538
    531539void Collector::markCurrentThreadConservatively()
    532540{
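Review bot: the new function carries no comment saying why it is NEVER_INLINE, so the reason (the `&dummy` marker must live in a frame below the one in which markCurrentThreadConservatively has forced the registers onto the stack) exists only in the commit message, and a later cleanup that merges or inlines it would silently reintroduce the bug. Suggest a comment directly above `void NEVER_INLINE Collector::markCurrentThreadConservativelyInternal()` along the lines of `// Must stay out of line: &dummy has to sit in a frame below the caller's register spill.` The same comment should state that the scheme relies on the callee's frame being on the stack-growth side of the caller's, since `markStackObjectsConservatively(stackPointer, stackBase)` is handed that bound without any check of its own here.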
     
    542550#endif
    543551
    544     void* dummy;
    545     void* stackPointer = &dummy;
    546     void* stackBase = currentThreadStackBase();
    547 
    548     markStackObjectsConservatively(stackPointer, stackBase);
     552    markCurrentThreadConservativelyInternal();
    549553}
    550554
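Review bot: the new call at line 552 is placed immediately after the `#endif` that closes the register-flushing block, and nothing in the code records that the order is load-bearing; suggest a one-line comment before `markCurrentThreadConservativelyInternal();` stating that it must run only after the registers have been written to this frame. Since the call is now the last statement of the function, also confirm the compiler does not turn it into a tail call, which would release this frame (and the spill area in it) before the helper scans it; keeping the spilled data referenced after the call, or checking the generated code on the affected x86_64 GCC 4.2 build, would settle that.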
  • trunk/JavaScriptCore/kjs/collector.h

    r30576 r31787  
    8080    static void markMainThreadOnlyObjects();
    8181    static void markCurrentThreadConservatively();
     82    static void markCurrentThreadConservativelyInternal();
    8283    static void markOtherThreadConservatively(Thread*);
    8384    static void markStackObjectsConservatively();
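Review bot: the declaration added at line 82 gives no hint that markCurrentThreadConservativelyInternal must stay out of line and is only meaningful when called from markCurrentThreadConservatively; the `NEVER_INLINE` lives on the definition in collector.cpp alone. Suggest a short comment on the declaration, and, if the class has a private section, moving the declaration there so nothing else calls it (the `Internal` suffix suggests that intent).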