Title: [117130] branches/safari-536-branch/Source/JavaScriptCore
Diff
Modified: branches/safari-536-branch/Source/JavaScriptCore/ChangeLog (117129 => 117130)
--- branches/safari-536-branch/Source/_javascript_Core/ChangeLog 2012-05-15 20:02:47 UTC (rev 117129)
+++ branches/safari-536-branch/Source/_javascript_Core/ChangeLog 2012-05-15 20:03:43 UTC (rev 117130)
@@ -1,5 +1,30 @@
2012-05-15 Lucas Forschler <[email protected]>
+ Merge 116565
+
+ 2012-05-09 Mark Hahnenberg <[email protected]>
+
+ CopiedSpace does not add pinned blocks back to the to-space filter
+ https://bugs.webkit.org/show_bug.cgi?id=86011
+
+ Reviewed by Geoffrey Garen.
+
+ After a collection has finished, we go through the blocks in from-space
+ and move any of them that are pinned into to-space. At the beginning of
+ collection, we reset the to-space block filter that is used during
+ conservative scanning and add back the blocks that are filled during the
+ collection. However, we neglect to add back those blocks that are moved
+ from from-space to to-space, which can cause the conservative scan to
+ think that some pinned items are not actually in CopiedSpace.
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the
+ to-space filter. Also added a comment and assert for future readers that
+ indicates that it's okay that we don't also add the block to the
+ to-space block set since it was never removed.
+
+2012-05-15 Lucas Forschler <[email protected]>
+
Merge 116484
2012-05-08 Mark Hahnenberg <[email protected]>
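Review bot: The merged entry explains the mechanism (the to-space filter is reset at the start of collection and pinned blocks moved back from from-space in doneCopying were never re-added) but stops short of stating the consequence for the objects inside those blocks; since the filter is consulted during conservative scanning, a line saying what a missed filter entry means for references into those pinned blocks would help anyone triaging this merge on the safari-536 branch judge its severity without reading CopiedSpace.cpp.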
Modified: branches/safari-536-branch/Source/JavaScriptCore/heap/CopiedSpace.cpp (117129 => 117130)
--- branches/safari-536-branch/Source/_javascript_Core/heap/CopiedSpace.cpp 2012-05-15 20:02:47 UTC (rev 117129)
+++ branches/safari-536-branch/Source/_javascript_Core/heap/CopiedSpace.cpp 2012-05-15 20:03:43 UTC (rev 117130)
@@ -183,6 +183,9 @@
CopiedBlock* block = static_cast<CopiedBlock*>(m_fromSpace->removeHead());
if (block->m_isPinned) {
block->m_isPinned = false;
+ // We don't add the block to the toSpaceSet because it was never removed.
+ ASSERT(m_toSpaceSet.contains(block));
+ m_toSpaceFilter.add(reinterpret_cast<Bits>(block));
m_toSpace->push(block);
continue;
}
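Review bot: The new `ASSERT(m_toSpaceSet.contains(block));` documents the invariant the comment relies on, but ASSERT compiles out in release builds, so if the set and the block list ever disagreed the filter would silently gain an entry the set does not have; a test that pins a block, runs a collection and checks that a conservative scan still finds it would guard the fix better than the debug-only assert. It is also worth confirming that `reinterpret_cast<Bits>(block)` is the same key form used where blocks are first added to `m_toSpaceFilter` (that code is outside this hunk), since a mismatched key would leave the filter just as wrong as before.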
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes