[webkit-changes] [214543] branches/safari-603-branch/Source/JavaScriptCore

Wed, 29 Mar 2017 10:23:21 -0700

Title: [214543] branches/safari-603-branch/Source/_javascript_Core

Diff

Modified: branches/safari-603-branch/Source/_javascript_Core/ChangeLog (214542 => 214543)


--- branches/safari-603-branch/Source/_javascript_Core/ChangeLog	2017-03-29 17:22:02 UTC (rev 214542)
+++ branches/safari-603-branch/Source/_javascript_Core/ChangeLog	2017-03-29 17:22:48 UTC (rev 214543)
@@ -1,3 +1,7 @@
+2017-03-29  Jason Marcell  <[email protected]>
+
+        Rollout r214519. rdar://problem/30922106
+
 2017-03-28  Jason Marcell  <[email protected]>
 
         Merge r214240. rdar://problem/31178794

Modified: branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp (214542 => 214543)


--- branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp	2017-03-29 17:22:02 UTC (rev 214542)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp	2017-03-29 17:22:48 UTC (rev 214543)
@@ -1019,21 +1019,6 @@
     m_mutatorMarkStack->append(cell);
 }
 
-void Heap::sweepSynchronously()
-{
-    double before = 0;
-    if (Options::logGC()) {
-        dataLog("[Full sweep: ", capacity() / 1024, "kb ");
-        before = currentTimeMS();
-    }
-    m_objectSpace.sweep();
-    m_objectSpace.shrink();
-    if (Options::logGC()) {
-        double after = currentTimeMS();
-        dataLog("=> ", capacity() / 1024, "kb, ", after - before, "ms] ");
-    }
-}
-
 void Heap::collectAllGarbage()
 {
     if (!m_isSafeToCollect)
@@ -1044,12 +1029,18 @@
     DeferGCForAWhile deferGC(*this);
     if (UNLIKELY(Options::useImmortalObjects()))
         sweeper()->willFinishSweeping();
-
-    bool alreadySweptInCollectSync = Options::sweepSynchronously();
-    if (!alreadySweptInCollectSync) {
-        sweepSynchronously();
-        if (Options::logGC())
-            dataLog("\n");
+    else {
+        double before = 0;
+        if (Options::logGC()) {
+            dataLog("[Full sweep: ", capacity() / 1024, "kb ");
+            before = currentTimeMS();
+        }
+        m_objectSpace.sweep();
+        m_objectSpace.shrink();
+        if (Options::logGC()) {
+            double after = currentTimeMS();
+            dataLog("=> ", capacity() / 1024, "kb, ", after - before, "ms]\n");
+        }
     }
     m_objectSpace.assertNoUnswept();
 
@@ -1588,9 +1579,6 @@
     
     if (HasOwnPropertyCache* cache = vm()->hasOwnPropertyCache())
         cache->clear();
-
-    if (Options::sweepSynchronously())
-        sweepSynchronously();
 }
 
 Heap::Ticket Heap::requestCollection(std::optional<CollectionScope> scope)
@@ -1819,6 +1807,9 @@
     if (Options::recordGCPauseTimes())
         HeapStatistics::recordGCPauseTime(gcStartTime, gcEndTime);
 
+    if (Options::useZombieMode())
+        zombifyDeadObjects();
+
     if (Options::dumpObjectStatistics())
         HeapStatistics::dumpObjectStatistics(this);
 
@@ -1919,6 +1910,36 @@
     collectAllGarbage();
 }
 
+class Zombify : public MarkedBlock::VoidFunctor {
+public:
+    inline void visit(HeapCell* cell) const
+    {
+        void** current = reinterpret_cast_ptr<void**>(cell);
+
+        // We want to maintain zapped-ness because that's how we know if we've called 
+        // the destructor.
+        if (cell->isZapped())
+            current++;
+
+        void* limit = static_cast<void*>(reinterpret_cast<char*>(cell) + cell->cellSize());
+        for (; current < limit; current++)
+            *current = zombifiedBits;
+    }
+    IterationStatus operator()(HeapCell* cell, HeapCell::Kind) const
+    {
+        visit(cell);
+        return IterationStatus::Continue;
+    }
+};
+
+void Heap::zombifyDeadObjects()
+{
+    // Sweep now because destructors will crash once we're zombified.
+    m_objectSpace.sweep();
+    HeapIterationScope iterationScope(*this);
+    m_objectSpace.forEachDeadCell(iterationScope, Zombify());
+}
+
 bool Heap::shouldDoFullCollection(std::optional<CollectionScope> scope) const
 {
     if (!Options::useGenerationalGC())

Modified: branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h (214542 => 214543)


--- branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h	2017-03-29 17:22:02 UTC (rev 214542)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h	2017-03-29 17:22:48 UTC (rev 214543)
@@ -85,6 +85,8 @@
 class Worklist;
 }
 
+static void* const zombifiedBits = reinterpret_cast<void*>(static_cast<uintptr_t>(0xdeadbeef));
+
 typedef HashCountedSet<JSCell*> ProtectCountSet;
 typedef HashCountedSet<const char*> TypeCountSet;
 
@@ -165,7 +167,6 @@
 
     JS_EXPORT_PRIVATE void collectAllGarbageIfNotDoneRecently();
     JS_EXPORT_PRIVATE void collectAllGarbage();
-    JS_EXPORT_PRIVATE void sweepSynchronously();
 
     bool shouldCollectHeuristic();
     
@@ -258,6 +259,8 @@
     template<typename T> void releaseSoon(RetainPtr<T>&&);
 #endif
 
+    static bool isZombified(JSCell* cell) { return *(void**)cell == zombifiedBits; }
+
     JS_EXPORT_PRIVATE void registerWeakGCMap(void* weakGCMap, std::function<void()> pruningCallback);
     JS_EXPORT_PRIVATE void unregisterWeakGCMap(void* weakGCMap);
 
@@ -445,6 +448,7 @@
     void updateAllocationLimits();
     void didFinishCollection(double gcStartTime);
     void resumeCompilerThreads();
+    void zombifyDeadObjects();
     void gatherExtraHeapSnapshotData(HeapProfiler&);
     void removeDeadHeapSnapshotNodes(HeapProfiler&);
     void finalize();

Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/Options.cpp (214542 => 214543)


--- branches/safari-603-branch/Source/_javascript_Core/runtime/Options.cpp	2017-03-29 17:22:02 UTC (rev 214542)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/Options.cpp	2017-03-29 17:22:48 UTC (rev 214543)
@@ -446,12 +446,6 @@
     else
         fastSetMaxSingleAllocationSize(std::numeric_limits<size_t>::max());
 #endif
-
-    if (Options::useZombieMode()) {
-        Options::sweepSynchronously() = true;
-        Options::scribbleFreeCells() = true;
-    }
-
     if (Options::useSigillCrashAnalyzer())
         enableSigillCrashAnalyzer();
 }

Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/Options.h (214542 => 214543)


--- branches/safari-603-branch/Source/_javascript_Core/runtime/Options.h	2017-03-29 17:22:02 UTC (rev 214542)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/Options.h	2017-03-29 17:22:48 UTC (rev 214543)
@@ -339,9 +339,8 @@
     v(bool, forceWeakRandomSeed, false, Normal, nullptr) \
     v(unsigned, forcedWeakRandomSeed, 0, Normal, nullptr) \
     \
-    v(bool, useZombieMode, false, Normal, "debugging option to scribble over dead objects with 0xbadbeef0") \
+    v(bool, useZombieMode, false, Normal, "debugging option to scribble over dead objects with 0xdeadbeef") \
     v(bool, useImmortalObjects, false, Normal, "debugging option to keep all objects alive forever") \
-    v(bool, sweepSynchronously, false, Normal, "debugging option to sweep all dead objects synchronously at GC end before resuming mutator") \
     v(bool, dumpObjectStatistics, false, Normal, nullptr) \
     v(unsigned, maxSingleAllocationSize, 0, Configurable, "debugging option to limit individual allocations to a max size (0 = limit not set, N = limit size in bytes)") \
     \

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to