Title: [111973] trunk/Source/_javascript_Core
- Revision: 111973
- Author: [email protected]
- Date: 2012-03-23 20:11:45 -0700 (Fri, 23 Mar 2012)
Log Message
tryReallocate could break the zero-ed memory invariant of CopiedBlocks
https://bugs.webkit.org/show_bug.cgi?id=82087
Reviewed by Filip Pizlo.
Removing this optimization turned out to be ~1% regression on kraken, so I simply
undid the modification to the current block if we fail.
* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
to reallocate from the current block.
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (111972 => 111973)
--- trunk/Source/_javascript_Core/ChangeLog 2012-03-24 02:27:51 UTC (rev 111972)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-03-24 03:11:45 UTC (rev 111973)
@@ -1,3 +1,17 @@
+2012-03-23 Mark Hahnenberg <[email protected]>
+
+ tryReallocate could break the zero-ed memory invariant of CopiedBlocks
+ https://bugs.webkit.org/show_bug.cgi?id=82087
+
+ Reviewed by Filip Pizlo.
+
+ Removing this optimization turned out to be ~1% regression on kraken, so I simply
+ undid the modification to the current block if we fail.
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
+ to reallocate from the current block.
+
2012-03-23 Alexey Proskuryakov <[email protected]>
[Mac] No need for platform-specific ENABLE_BLOB values
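Review bot: the ChangeLog wording ("Undid the reset in the CopiedAllocator if we fail to reallocate from the current block") does not match what the CopiedSpace.cpp hunk actually does: it removes the call to resetLastAllocation entirely and instead allocates only the size difference (newSize - oldSize) from the current block, leaving the existing allocation untouched when that difference does not fit. Suggest rewording the entry to describe the new behaviour, e.g. "Allocate only the size delta after the last allocation instead of rewinding the allocator, so a failed reallocation leaves the current block unchanged."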
Modified: trunk/Source/_javascript_Core/heap/CopiedAllocator.h (111972 => 111973)
--- trunk/Source/_javascript_Core/heap/CopiedAllocator.h 2012-03-24 02:27:51 UTC (rev 111972)
+++ trunk/Source/_javascript_Core/heap/CopiedAllocator.h 2012-03-24 03:11:45 UTC (rev 111973)
@@ -39,7 +39,6 @@
bool wasLastAllocation(void*, size_t);
void startedCopying();
void resetCurrentBlock(CopiedBlock*);
- void resetLastAllocation(void*);
size_t currentCapacity();
private:
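Review bot: removing the public declaration of resetLastAllocation is consistent with deleting its definition in the next hunk; since the only caller visible in this patch (CopiedSpace::tryReallocate) is also removed, the change is self-contained, but it is worth confirming there are no remaining call sites elsewhere in the tree, as the header change would otherwise fail to compile.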
@@ -97,11 +96,6 @@
return m_currentBlock->capacity();
}
-inline void CopiedAllocator::resetLastAllocation(void* ptr)
-{
- m_currentOffset = static_cast<char*>(ptr);
-}
-
} // namespace JSC
#endif
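Review bot: resetLastAllocation rewound m_currentOffset to an arbitrary earlier pointer without clearing the bytes between that pointer and the previous offset, so a caller that rewound and then failed to re-allocate left already-written data ahead of the bump pointer, which is the zeroed-memory invariant the log message refers to. Deleting the function rather than adding a memset to it is the safer fix, since it removes the only way to move the allocator backwards at all.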
Modified: trunk/Source/_javascript_Core/heap/CopiedSpace.cpp (111972 => 111973)
--- trunk/Source/_javascript_Core/heap/CopiedSpace.cpp 2012-03-24 02:27:51 UTC (rev 111972)
+++ trunk/Source/_javascript_Core/heap/CopiedSpace.cpp 2012-03-24 03:11:45 UTC (rev 111973)
@@ -100,9 +100,11 @@
return tryReallocateOversize(ptr, oldSize, newSize);
if (m_allocator.wasLastAllocation(oldPtr, oldSize)) {
- m_allocator.resetLastAllocation(oldPtr);
- if (m_allocator.fitsInCurrentBlock(newSize))
- return m_allocator.allocate(newSize);
+ size_t delta = newSize - oldSize;
+ if (m_allocator.fitsInCurrentBlock(delta)) {
+ (void)m_allocator.allocate(delta);
+ return true;
+ }
}
void* result = 0;
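Review bot: `size_t delta = newSize - oldSize;` is an unsigned subtraction with no check visible in this hunk that newSize >= oldSize; a shrink request wraps to a very large delta, which fitsInCurrentBlock will reject, so the fast path is silently skipped and execution falls through to the slow path below. An ASSERT(newSize >= oldSize), or an explicit early return for the shrink case, would make that intent explicit. Also, `(void)m_allocator.allocate(delta);` depends on the allocator handing back exactly the bytes following oldPtr + oldSize (which is what wasLastAllocation is meant to guarantee); asserting that the returned pointer equals static_cast<char*>(oldPtr) + oldSize would document that dependency and catch a future regression in wasLastAllocation.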