Title: [128262] trunk/Source/JavaScriptCore
- Revision: 128262
- Author: [email protected]
- Date: 2012-09-11 21:26:15 -0700 (Tue, 11 Sep 2012)
Log Message
IncrementalSweeper should not sweep/free Zapped blocks
https://bugs.webkit.org/show_bug.cgi?id=96464
Reviewed by Filip Pizlo.
This is not beneficial in terms of performance because there isn't any way a block can emerge
in the Zapped state from a call to Heap::collect() unless we run an eager sweep on it, in which
case we've already run all the destructors we possibly can. This also causes bugs since we don't
take zapped-ness into account when determining whether or not a block is empty to free it. The
incremental sweeper can then accidentally free blocks that it thinks are empty but are in fact
zapped with still-live objects in them.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::needsSweeping): It is only valid to sweep a block if it is in the Marked state.
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (128261 => 128262)
--- trunk/Source/_javascript_Core/ChangeLog 2012-09-12 04:24:57 UTC (rev 128261)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-09-12 04:26:15 UTC (rev 128262)
@@ -1,3 +1,20 @@
+2012-09-11 Mark Hahnenberg <[email protected]>
+
+ IncrementalSweeper should not sweep/free Zapped blocks
+ https://bugs.webkit.org/show_bug.cgi?id=96464
+
+ Reviewed by Filip Pizlo.
+
+ This is not beneficial in terms of performance because there isn't any way a block can emerge
+ in the Zapped state from a call to Heap::collect() unless we run an eager sweep on it, in which
+ case we've already run all the destructors we possibly can. This also causes bugs since we don't
+ take zapped-ness into account when determining whether or not a block is empty to free it. The
+ incremental sweeper can then accidentally free blocks that it thinks are empty but are in fact
+ zapped with still-live objects in them.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::needsSweeping): It is only valid to sweep a block if it is in the Marked state.
+
2012-09-11 Geoffrey Garen <[email protected]>
JSActivation should inline allocate its registers, and eliminate
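Review bot: The new ChangeLog entry lists only heap/MarkedBlock.h and no regression test, even though it describes the incremental sweeper freeing blocks that are zapped with still-live objects in them. A bug of that kind deserves a test that runs an eager sweep and then lets the incremental sweeper visit the same block, or at least a sentence in the entry saying why no test could be written.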
Modified: trunk/Source/_javascript_Core/heap/MarkedBlock.h (128261 => 128262)
--- trunk/Source/_javascript_Core/heap/MarkedBlock.h 2012-09-12 04:24:57 UTC (rev 128261)
+++ trunk/Source/_javascript_Core/heap/MarkedBlock.h 2012-09-12 04:26:15 UTC (rev 128262)
@@ -431,7 +431,7 @@
inline bool MarkedBlock::needsSweeping()
{
- return m_state == Marked || m_state == Zapped;
+ return m_state == Marked;
}
#if ENABLE(GGC)
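Review bot: In MarkedBlock::needsSweeping(), the new `return m_state == Marked;` carries no comment saying why Zapped is excluded, and the log message says the emptiness check itself still does not take zapped-ness into account. Protection against freeing a zapped block with live objects therefore depends on every caller consulting needsSweeping() first. Consider a one-line comment on this return and an assertion that the block is not Zapped in the path that frees empty blocks, so a future caller that skips this predicate fails loudly instead of freeing live memory.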