Timestamp:
Aug 10, 2009, 9:35:02 PM (16 years ago)
Author:
[email protected]
Message:

Stack overflow crash in JavaScript garbage collector mark pass
https://bugs.webkit.org/show_bug.cgi?id=12216

Reviewed by Gavin Barraclough and Sam Weinig

Make the GC mark phase iterative by using an explicit mark stack.
To do this, marking any single object is performed in multiple stages:

  • The object is appended to the MarkStack; this sets the marked bit for the object using the new markDirect() function, and then returns.
  • When the MarkStack is drain()ed the object is popped off the stack and markChildren(MarkStack&) is called on the object to collect all of its children. drain() then repeats until the stack is empty.

Additionally I renamed a number of methods from 'mark' to 'markAggregate'
in order to make it more clear that marking of those objects was not
going to result in an actual recursive mark.
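The two-stage marking the message describes (set the bit when the object is appended, visit its children when the stack is drained), as an added C++ sketch that is not WebKit's code: Cell, MarkStack::append, peakDepth and makeChain are hypothetical stand-ins for JSCell, markDirect() and the real MarkStack, and the chain-with-cycle heap is constructed input.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>
// Hypothetical heap cell (stand-in for JSCell): a marked bit plus outgoing references.
struct Cell { bool marked = false; std::vector<Cell*> children; };

// Explicit mark stack: append() plays the role of markDirect(), drain() of MarkStack::drain().
class MarkStack {
public:
    void append(Cell* cell) {
        if (!cell || cell->marked) return;    // never pushed twice, so cycles terminate
        cell->marked = true;                  // markDirect(): set the bit now, defer the children
        m_stack.push_back(cell);
        m_peak = std::max(m_peak, m_stack.size());
    }
    void drain() {                            // iterative replacement for the recursive mark
        while (!m_stack.empty()) {
            Cell* cell = m_stack.back(); m_stack.pop_back();
            for (Cell* child : cell->children) // what markChildren(MarkStack&) would do
                append(child);
        }
    }
    size_t peakDepth() const { return m_peak; }
private:
    std::vector<Cell*> m_stack;
    size_t m_peak = 0;
};

using Heap = std::vector<std::unique_ptr<Cell>>;

// Constructed input: heap[0] -> heap[1] -> ... -> heap[n-1] -> heap[0], a deep chain closed into a cycle.
Heap makeChain(size_t length) {
    Heap heap;
    for (size_t i = 0; i < length; ++i) heap.push_back(std::make_unique<Cell>());
    for (size_t i = 0; i + 1 < length; ++i) heap[i]->children.push_back(heap[i + 1].get());
    if (length) heap[length - 1]->children.push_back(heap[0].get());
    return heap;
}

struct MarkResult { size_t marked; size_t peakStackDepth; };

// Mark everything reachable from root; report the marked count and the deepest the explicit
// stack ever got (a recursive mark would instead burn one native stack frame per chain link).
MarkResult markFromRoot(Cell* root, const Heap& heap) {
    MarkStack stack;
    stack.append(root);
    stack.drain();
    size_t marked = 0;
    for (const auto& cell : heap) if (cell->marked) ++marked;
    return { marked, stack.peakDepth() };
}
```

On a million-link chain the explicit stack never holds more than one cell at a time, which is exactly the property that removes the native stack overflow; the marked-bit check in append is also what stops the cycle from looping.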

  • trunk/JavaScriptCore/runtime/Collector.h

    r46598 r47022  
    4040namespace JSC {
    4141
    42     class MarkedArgumentBuffer;
    4342    class CollectorBlock;
    4443    class JSCell;
    4544    class JSGlobalData;
    4645    class JSValue;
     46    class MarkedArgumentBuffer;
     47    class MarkStack;
    4748
    4849    enum OperationInProgress { NoOperation, Allocation, Collection };
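Review bot: the hunk only re-sorts the forward declarations and adds `class MarkStack;`, which is fine, but since the rest of this header now passes `MarkStack&` through several signatures, it is worth confirming that none of the inline bodies in Collector.h (for example the inline `markListSet()`) ever needs the complete type; as long as MarkStack is only named by reference in declarations, the forward declaration is enough and Collector.h avoids pulling in the new header.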
     
    112113        static void markCell(JSCell*);
    113114
    114         void markConservatively(void* start, void* end);
     115        void markConservatively(MarkStack&, void* start, void* end);
    115116
    116117        HashSet<MarkedArgumentBuffer*>& markListSet() { if (!m_markListSet) m_markListSet = new HashSet<MarkedArgumentBuffer*>; return *m_markListSet; }
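Review bot: `static void markCell(JSCell*);` keeps its old signature while the neighbouring `markConservatively` gains a `MarkStack&` parameter; confirm that markCell now only sets the marked bit (the markDirect() behaviour the message describes) rather than still recursing into children, and if it does only set the bit, a short comment saying so would stop a reader from assuming it performs a full mark.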
     
    134135
    135136        void recordExtraCost(size_t);
    136         void markProtectedObjects();
    137         void markCurrentThreadConservatively();
    138         void markCurrentThreadConservativelyInternal();
    139         void markOtherThreadConservatively(Thread*);
    140         void markStackObjectsConservatively();
     137        void markProtectedObjects(MarkStack&);
     138        void markCurrentThreadConservatively(MarkStack&);
     139        void markCurrentThreadConservativelyInternal(MarkStack&);
     140        void markOtherThreadConservatively(MarkStack&, Thread*);
     141        void markStackObjectsConservatively(MarkStack&);
    141142
    142143        typedef HashCountedSet<JSCell*> ProtectCountSet;
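Review bot: the five `mark*` declarations now take a `MarkStack&`, but nothing in the header states who owns that stack or that the caller must `drain()` it before marking is complete; a one-line comment above `void markProtectedObjects(MarkStack&);` noting that these functions only push roots onto the stack and that the collector drains afterwards would prevent a future caller from treating a returned call as a finished mark.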