Timestamp:
Aug 10, 2009, 9:35:02 PM
Author:
[email protected]
Message:

Stack overflow crash in JavaScript garbage collector mark pass
https://bugs.webkit.org/show_bug.cgi?id=12216

Reviewed by Gavin Barraclough and Sam Weinig

Make the GC mark phase iterative by using an explicit mark stack.
To do this, marking any single object is performed in multiple stages:

  • The object is appended to the MarkStack, this sets the marked bit for the object using the new markDirect() function, and then returns
  • When the MarkStack is drain()ed the object is popped off the stack and markChildren(MarkStack&) is called on the object to collect all of its children. drain() then repeats until the stack is empty.

Additionally I renamed a number of methods from 'mark' to 'markAggregate'
in order to make it more clear that marking of those objects was not
going to result in an actual recursive mark.
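The two-stage scheme the message describes (append sets the mark bit and returns; drain pops and collects children) is what turns a graph-depth recursion into a loop over a heap-allocated stack. The following is an added, self-contained illustration and not WebKit code: the names Cell, MarkStack, markDirect(), markChildren() and drain() borrow the message's vocabulary, while the Cell layout (a `next` and a `back` edge), the Heap-building helpers and the MarkResult type are assumptions made for the example. It marks a chain of a million cells without growing the native stack, and shows the recursive pre-change shape only on a shallow graph.

```cpp
// Added example, not WebKit code: an explicit mark stack for a GC mark
// phase in the two stages the commit message describes. Cell, MarkStack,
// markDirect(), markChildren() and drain() borrow the message's vocabulary;
// the Cell layout and the chain-building helpers are assumptions.
#include <cassert>
#include <cstddef>
#include <vector>

struct Cell;

class MarkStack {
public:
    void append(Cell*);   // stage 1: set the mark bit, push, return
    void drain();         // stage 2: pop and collect children until empty
private:
    std::vector<Cell*> m_stack;   // lives on the heap, not the native stack
};

struct Cell {
    bool marked = false;
    Cell* next = nullptr;   // the edge that makes the chain deep
    Cell* back = nullptr;   // an extra edge, used here to form a cycle

    void markDirect() { marked = true; }
    // Analogue of markChildren(MarkStack&): it only appends, never recurses.
    void markChildren(MarkStack& markStack)
    {
        markStack.append(next);
        markStack.append(back);
    }
};

void MarkStack::append(Cell* cell)
{
    if (!cell || cell->marked)   // null or already marked: nothing to push
        return;
    cell->markDirect();
    m_stack.push_back(cell);
}

void MarkStack::drain()
{
    while (!m_stack.empty()) {
        Cell* cell = m_stack.back();
        m_stack.pop_back();
        cell->markChildren(*this);
    }
}

// The pre-change shape, for contrast: one native stack frame per cell, so a
// chain a million cells long overflows the thread stack. Only used shallow.
void markRecursive(Cell* cell)
{
    if (!cell || cell->marked)
        return;
    cell->markDirect();
    markRecursive(cell->next);
    markRecursive(cell->back);
}

struct MarkResult {
    std::size_t marked;   // reachable cells marked after the mark phase
    bool garbageMarked;   // whether the unreachable cell was (wrongly) marked
};

// Constructed heap: cells[0..depth) form a chain whose tail points back to
// the root (a cycle), and cells[depth] is unreachable garbage.
static std::vector<Cell> buildChain(std::size_t depth)
{
    std::vector<Cell> cells(depth + 1);
    for (std::size_t i = 0; i + 1 < depth; ++i)
        cells[i].next = &cells[i + 1];
    if (depth)
        cells[depth - 1].back = &cells[0];
    return cells;
}

static MarkResult countMarked(const std::vector<Cell>& cells, std::size_t depth)
{
    std::size_t marked = 0;
    for (std::size_t i = 0; i < depth; ++i)
        marked += cells[i].marked ? 1 : 0;
    return { marked, cells[depth].marked };
}

// Marks a chain of `depth` cells from its root with the explicit mark stack.
MarkResult markChainIteratively(std::size_t depth)
{
    std::vector<Cell> cells = buildChain(depth);
    MarkStack markStack;
    markStack.append(&cells[0]);
    markStack.drain();
    return countMarked(cells, depth);
}

// Same graph, recursive marking: only safe for small `depth`.
MarkResult markChainRecursively(std::size_t depth)
{
    std::vector<Cell> cells = buildChain(depth);
    markRecursive(&cells[0]);
    return countMarked(cells, depth);
}

int main()
{
    assert(markChainIteratively(1000000).marked == 1000000);   // no overflow
    assert(!markChainIteratively(1000000).garbageMarked);
    assert(markChainRecursively(8).marked == 8);
    return 0;
}
```

The marked() check inside append() is doing two jobs: it is what stops the cycle from the tail back to the root from being drained forever, and it is why a cell is pushed at most once, so the mark stack's peak size is bounded by the number of live cells rather than by the number of edges.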

File:
1 edited

  • trunk/JavaScriptCore/bytecode/CodeBlock.cpp

    r46879 r47022  
    14291429}
    14301430
    1431 void CodeBlock::mark()
    1432 {
    1433     for (size_t i = 0; i < m_constantRegisters.size(); ++i)
     1431void CodeBlock::markAggregate(MarkStack& markStack)
     1432{
     1433    for (size_t i = 0; i < m_constantRegisters.size(); ++i) {
    14341434        if (!m_constantRegisters[i].marked())
    1435             m_constantRegisters[i].mark();
     1435            markStack.append(m_constantRegisters[i].jsValue());
     1436    }
    14361437
    14371438    for (size_t i = 0; i < m_functionExpressions.size(); ++i)
    1438         m_functionExpressions[i]->body()->mark();
     1439        m_functionExpressions[i]->body()->markAggregate(markStack);
    14391440
    14401441    if (m_rareData) {
    14411442        for (size_t i = 0; i < m_rareData->m_functions.size(); ++i)
    1442             m_rareData->m_functions[i]->body()->mark();
    1443 
    1444         m_rareData->m_evalCodeCache.mark();
     1443            m_rareData->m_functions[i]->body()->markAggregate(markStack);
     1444
     1445        m_rareData->m_evalCodeCache.markAggregate(markStack);
    14451446    }
    14461447}
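Review bot: In the m_constantRegisters loop the `!m_constantRegisters[i].marked()` guard is kept in front of `markStack.append(m_constantRegisters[i].jsValue())`, while the other two call sites in this function (`body()->markAggregate(markStack)` and `m_rareData->m_evalCodeCache.markAggregate(markStack)`) hand off without any such check. Since the commit message says append() itself sets the mark bit via markDirect(), append() must already skip cells that are marked (otherwise any cycle reached through those other sites would be pushed again and again), which makes the guard here a redundant fast path. Worth confirming that append() is idempotent on marked cells and, if so, dropping the guard together with the braces it forced around the loop body, so the loop matches the others in markAggregate().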