Changeset 31787 in webkit for trunk/JavaScriptCore/kjs/collector.cpp

Timestamp:

Apr 10, 2008, 3:51:33 PM (17 years ago)

Author:

[email protected]

Message:

Fix ​https://bugs.webkit.org/show_bug.cgi?id=18367 and the many dupes.
Bug 18367: Crash during celtic kane js speed 2007 test

Reviewed by Maciej Stachowiak.

GCC 4.2 on x86_64 Linux decided to reorder the local variables in markCurrentThreadConservatively's
stack frame. This lead to the range of addresses the collector treated as stack to exclude the
contents of volatile registers that markCurrentThreadConservatively forces onto the stack. This was
leading to objects being prematurely collected if the only reference to them was via a register at
the time a collection occurred.

The fix for this is to move the calculation of the top of the stack into a NEVER_INLINE function
that is called from markCurrentThreadConservatively. This forces the dummy variable we use for
determining the top of stack to be in a different stack frame which prevents the compiler from
reordering it relative to the registers that markCurrentThreadConservatively forces onto the stack.

• kjs/collector.cpp:

(KJS::Collector::markCurrentThreadConservativelyInternal):
(KJS::Collector::markCurrentThreadConservatively):

• kjs/collector.h:

File:

• trunk/JavaScriptCore/kjs/collector.cpp (modified) (2 diffs)

trunk/JavaScriptCore/kjs/collector.cpp

@@ -529 +529 @@
 }
 
+void NEVER_INLINE Collector::markCurrentThreadConservativelyInternal()
+{
+    void* dummy;
+    void* stackPointer = &dummy;
+    void* stackBase = currentThreadStackBase();
+    markStackObjectsConservatively(stackPointer, stackBase);
+}
+
 void Collector::markCurrentThreadConservatively()
 {
@@ -542 +550 @@
 #endif
 
-    void* dummy;
-    void* stackPointer = &dummy;
-    void* stackBase = currentThreadStackBase();
-
-    markStackObjectsConservatively(stackPointer, stackBase);
+    markCurrentThreadConservativelyInternal();
 }