Changeset 47022 in webkit for trunk/JavaScriptCore/interpreter


Timestamp:
Aug 10, 2009, 9:35:02 PM (16 years ago)
Author:
[email protected]
Message:

Stack overflow crash in JavaScript garbage collector mark pass
https://bugs.webkit.org/show_bug.cgi?id=12216

Reviewed by Gavin Barraclough and Sam Weinig

Make the GC mark phase iterative by using an explicit mark stack.
To do this, marking any single object is performed in multiple stages:

  • The object is appended to the MarkStack; this sets the marked bit for the object using the new markDirect() function, and then returns.
  • When the MarkStack is drain()ed, the object is popped off the stack and markChildren(MarkStack&) is called on the object to collect all of its children. drain() then repeats until the stack is empty.

Additionally, I renamed a number of methods from 'mark' to 'markAggregate'
in order to make it more clear that marking of those objects was not
going to result in an actual recursive mark.

Location:
trunk/JavaScriptCore/interpreter
Files:
2 edited

  • trunk/JavaScriptCore/interpreter/Register.h

    r46598 r47022  
    11/*
    2  * Copyright (C) 2008 Apple Inc. All rights reserved.
     2 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    5757
    5858        bool marked() const;
    59         void mark();
     59        void markChildren(MarkStack&);
    6060       
    6161        Register(JSActivation*);
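Review bot: the new declaration `void markChildren(MarkStack&);` at line 59 names a type this header did not previously reference, and the hunk adds no `class MarkStack;` forward declaration or include; confirm one already reaches Register.h through its existing includes, otherwise the header no longer compiles on its own. Since `mark()` is removed outright rather than deprecated, every remaining `Register::mark()` caller outside this directory must move to the push-then-drain protocol described in the message in the same commit.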
     
    121121    }
    122122
    123     ALWAYS_INLINE void Register::mark()
    124     {
    125         jsValue().mark();
    126     }
    127    
    128123    // Interpreter functions
    129124
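Review bot: the inline body of `Register::mark()` (lines 123-126) is deleted, but no inline `Register::markChildren(MarkStack&)` is added in its place, so the declaration introduced at line 59 has no visible definition in this header. Either add the replacement inline here (pushing `jsValue()` onto the mark stack instead of calling `jsValue().mark()`, which was the recursive path the message is trying to remove) or state in the log which file now defines it, so the declaration does not dangle and produce a link error.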
  • trunk/JavaScriptCore/interpreter/RegisterFile.h

    r46025 r47022  
    11/*
    2  * Copyright (C) 2008 Apple Inc. All rights reserved.
     2 * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    137137        Register* lastGlobal() const { return m_start - m_numGlobals; }
    138138       
    139         void markGlobals(Heap* heap) { heap->markConservatively(lastGlobal(), m_start); }
    140         void markCallFrames(Heap* heap) { heap->markConservatively(m_start, m_end); }
     139        void markGlobals(MarkStack& markStack, Heap* heap) { heap->markConservatively(markStack, lastGlobal(), m_start); }
     140        void markCallFrames(MarkStack& markStack, Heap* heap) { heap->markConservatively(markStack, m_start, m_end); }
    141141
    142142    private:
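Review bot: `markGlobals` and `markCallFrames` (lines 139-140) now pass both a `MarkStack&` and a `Heap*`, so this only compiles if `Heap::markConservatively` gained a matching three-argument overload; that change lives outside this directory, so confirm it lands in the same commit. Naming: both methods keep the plain `mark` prefix although, by going through the mark stack, they no longer recurse; given the `markAggregate` convention the message introduces for exactly this case, either rename them or add a one-line comment saying they only push candidate cells from the register range and do not recursively mark.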