Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (160376 => 160377)
--- trunk/Source/_javascript_Core/ChangeLog 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-12-10 19:37:29 UTC (rev 160377)
@@ -1,3 +1,27 @@
+2013-12-10 Mark Hahnenberg <mhahnenb...@apple.com>
+
+ ASSERT !heap.vm()->isInitializingObject() when finishing DFG compilation at beginning of GC
+ https://bugs.webkit.org/show_bug.cgi?id=125472
+
+ Reviewed by Geoff Garen.
+
+ This patch makes it look like it's okay to allocate so that the DFG plan finalization stuff
+ can do what it needs to do. We already expected that we might do allocation during plan
+ finalization and we increased the deferral depth to handle this, but we need to fix this other
+ ASSERT stuff too.
+
+ * GNUmakefile.list.am:
+ * _javascript_Core.vcxproj/_javascript_Core.vcxproj:
+ * _javascript_Core.vcxproj/_javascript_Core.vcxproj.filters:
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/RecursiveAllocationScope.h: Added.
+ (JSC::RecursiveAllocationScope::RecursiveAllocationScope):
+ (JSC::RecursiveAllocationScope::~RecursiveAllocationScope):
+ * runtime/VM.h:
+
2013-12-09 Filip Pizlo <fpi...@apple.com>
Impose and enforce some basic rules of sanity for where Phi functions are allowed to occur and where their (optional) corresponding MovHints can be
Modified: trunk/Source/_javascript_Core/GNUmakefile.list.am (160376 => 160377)
--- trunk/Source/_javascript_Core/GNUmakefile.list.am 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/GNUmakefile.list.am 2013-12-10 19:37:29 UTC (rev 160377)
@@ -551,6 +551,7 @@
Source/_javascript_Core/heap/TinyBloomFilter.h \
Source/_javascript_Core/heap/MarkedSpace.cpp \
Source/_javascript_Core/heap/MarkedSpace.h \
+ Source/_javascript_Core/heap/RecursiveAllocationScope.h \
Source/_javascript_Core/heap/Region.h \
Source/_javascript_Core/heap/Strong.h \
Source/_javascript_Core/heap/StrongInlines.h \
Modified: trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj (160376 => 160377)
--- trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj 2013-12-10 19:37:29 UTC (rev 160377)
@@ -983,6 +983,7 @@
<ClInclude Include="..\heap\MarkedSpace.h" />
<ClInclude Include="..\heap\MarkStack.h" />
<ClInclude Include="..\heap\MarkStackInlines.h" />
+ <ClInclude Include="..\heap\RecursiveAllocationScope.h" />
<ClInclude Include="..\heap\Region.h" />
<ClInclude Include="..\heap\SlotVisitor.h" />
<ClInclude Include="..\heap\SlotVisitorInlines.h" />
@@ -1347,4 +1348,4 @@
<ImportGroup Label="ExtensionTargets">
<Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
</ImportGroup>
-</Project>
\ No newline at end of file
+</Project>
Modified: trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj.filters (160376 => 160377)
--- trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj.filters 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj.filters 2013-12-10 19:37:29 UTC (rev 160377)
@@ -1667,6 +1667,9 @@
<ClInclude Include="..\heap\MarkStackInlines.h">
<Filter>heap</Filter>
</ClInclude>
+ <ClInclude Include="..\heap\RecursiveAllocationScope.h">
+ <Filter>heap</Filter>
+ </ClInclude>
<ClInclude Include="..\heap\Region.h">
<Filter>heap</Filter>
</ClInclude>
@@ -3170,4 +3173,4 @@
<Filter>jit</Filter>
</MASM>
</ItemGroup>
-</Project>
\ No newline at end of file
+</Project>
Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (160376 => 160377)
--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2013-12-10 19:37:29 UTC (rev 160377)
@@ -721,6 +721,7 @@
2A48D1911772365B00C65A5F /* APICallbackFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = C211B574176A224D000E2A23 /* APICallbackFunction.h */; };
2A6F462617E959CE00C45C98 /* HeapOperation.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A6F462517E959CE00C45C98 /* HeapOperation.h */; settings = {ATTRIBUTES = (Private, ); }; };
2A7A58EF1808A4C40020BDF7 /* DeferGC.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */; };
+ 2AAD964A18569417001F93BE /* RecursiveAllocationScope.h in Headers */ = {isa = PBXBuildFile; fileRef = 2AAD964918569417001F93BE /* RecursiveAllocationScope.h */; };
2AD8932B17E3868F00668276 /* HeapIterationScope.h in Headers */ = {isa = PBXBuildFile; fileRef = 2AD8932917E3868F00668276 /* HeapIterationScope.h */; };
371D842D17C98B6E00ECF994 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 371D842C17C98B6E00ECF994 /* libz.dylib */; };
41359CF30FDD89AD00206180 /* DateConversion.h in Headers */ = {isa = PBXBuildFile; fileRef = D21202290AD4310C00ED79B6 /* DateConversion.h */; };
@@ -1999,6 +2000,7 @@
2A2825CF18341F2D0087FBA9 /* DelayedReleaseScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DelayedReleaseScope.h; sourceTree = "<group>"; };
2A6F462517E959CE00C45C98 /* HeapOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapOperation.h; sourceTree = "<group>"; };
2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DeferGC.cpp; sourceTree = "<group>"; };
+ 2AAD964918569417001F93BE /* RecursiveAllocationScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RecursiveAllocationScope.h; sourceTree = "<group>"; };
2AD8932917E3868F00668276 /* HeapIterationScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapIterationScope.h; sourceTree = "<group>"; };
371D842C17C98B6E00ECF994 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = usr/lib/libz.dylib; sourceTree = SDKROOT; };
449097EE0F8F81B50076A327 /* FeatureDefines.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = FeatureDefines.xcconfig; sourceTree = "<group>"; };
@@ -3149,6 +3151,7 @@
0FC8150814043BCA00CFA603 /* WriteBarrierSupport.cpp */,
0FC8150914043BD200CFA603 /* WriteBarrierSupport.h */,
2A2825CF18341F2D0087FBA9 /* DelayedReleaseScope.h */,
+ 2AAD964918569417001F93BE /* RecursiveAllocationScope.h */,
);
path = heap;
sourceTree = "<group>";
@@ -4626,6 +4629,7 @@
0F2B66EA17B6B5AB00A7AE3F /* JSArrayBufferViewInlines.h in Headers */,
A7BDAECB17F4EA1400F6140C /* JSArrayIterator.h in Headers */,
BC18C4180E16F5CD00B34460 /* JSBase.h in Headers */,
+ 2AAD964A18569417001F93BE /* RecursiveAllocationScope.h in Headers */,
140D17D70E8AD4A9000CD17D /* JSBasePrivate.h in Headers */,
86FA9E92142BBB2E001773B7 /* JSBoundFunction.h in Headers */,
BC18C4190E16F5CD00B34460 /* JSCallbackConstructor.h in Headers */,
Modified: trunk/Source/_javascript_Core/heap/Heap.cpp (160376 => 160377)
--- trunk/Source/_javascript_Core/heap/Heap.cpp 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/heap/Heap.cpp 2013-12-10 19:37:29 UTC (rev 160377)
@@ -35,13 +35,14 @@
#include "HeapStatistics.h"
#include "IncrementalSweeper.h"
#include "Interpreter.h"
-#include "VM.h"
#include "JSGlobalObject.h"
#include "JSLock.h"
#include "JSONObject.h"
#include "Operations.h"
+#include "RecursiveAllocationScope.h"
#include "Tracing.h"
#include "UnlinkedCodeBlock.h"
+#include "VM.h"
#include "WeakSetInlines.h"
#include <algorithm>
#include <wtf/RAMSize.h>
@@ -754,9 +755,10 @@
_javascript_CORE_GC_BEGIN();
RELEASE_ASSERT(m_operationInProgress == NoOperation);
- m_deferralDepth++; // Make sure that we don't GC in this call.
- m_vm->prepareToDiscardCode();
- m_deferralDepth--; // Decrement deferal manually, so we don't GC when we do so, since we are already GCing!.
+ {
+ RecursiveAllocationScope scope(*this);
+ m_vm->prepareToDiscardCode();
+ }
m_operationInProgress = Collection;
m_extraMemoryUsage = 0;
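Review bot: The bare `{ ... }` block around `m_vm->prepareToDiscardCode()` no longer says why it exists, because the two explanatory comments moved into RecursiveAllocationScope. A one-line comment at the call site would keep the reason visible, for example `// Finishing DFG plans may allocate; defer GC and suppress the initializing-object ASSERT while we are already collecting.` Going by the new header, the initializing-object state is only saved and cleared under `#ifndef NDEBUG`, so in release builds the scope changes nothing but `m_deferralDepth`. The enclosing Heap::collect starts and ends outside this hunk.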
Modified: trunk/Source/_javascript_Core/heap/Heap.h (160376 => 160377)
--- trunk/Source/_javascript_Core/heap/Heap.h 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/heap/Heap.h 2013-12-10 19:37:29 UTC (rev 160377)
@@ -204,6 +204,7 @@
friend class MarkedBlock;
friend class CopiedSpace;
friend class CopyVisitor;
+ friend class RecursiveAllocationScope;
friend class SlotVisitor;
friend class SuperRegion;
friend class IncrementalSweeper;
Added: trunk/Source/_javascript_Core/heap/RecursiveAllocationScope.h (0 => 160377)
--- trunk/Source/_javascript_Core/heap/RecursiveAllocationScope.h (rev 0)
+++ trunk/Source/_javascript_Core/heap/RecursiveAllocationScope.h 2013-12-10 19:37:29 UTC (rev 160377)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef RecursiveAllocationScope_h
+#define RecursiveAllocationScope_h
+
+#include "Heap.h"
+#include "VM.h"
+
+namespace JSC {
+
+class RecursiveAllocationScope {
+public:
+ RecursiveAllocationScope(Heap& heap)
+ : m_heap(heap)
+#ifndef NDEBUG
+ , m_savedObjectClass(heap.vm()->m_initializingObjectClass)
+#endif
+ {
+#ifndef NDEBUG
+ m_heap.vm()->m_initializingObjectClass = nullptr;
+#endif
+ m_heap.m_deferralDepth++; // Make sure that we don't GC.
+ }
+
+ ~RecursiveAllocationScope()
+ {
+ m_heap.m_deferralDepth--; // Decrement deferal manually so we don't GC when we do so since we are already GCing!.
+#ifndef NDEBUG
+ m_heap.vm()->m_initializingObjectClass = m_savedObjectClass;
+#endif
+ }
+
+private:
+ Heap& m_heap;
+#ifndef NDEBUG
+ const ClassInfo* m_savedObjectClass;
+#endif
+};
+
+}
+
+#endif // RecursiveAllocationScope_h
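Review bot: RecursiveAllocationScope is copyable and its one-argument constructor is implicit, so an accidental copy would run the destructor twice and decrement `m_deferralDepth` once more than it was incremented. An unbalanced deferral depth in the collector is hard to diagnose afterwards, so it is worth ruling out at compile time with `explicit RecursiveAllocationScope(Heap& heap)` and `WTF_MAKE_NONCOPYABLE(RecursiveAllocationScope);` in the class body. The class also has no comment describing its contract; it should say that the scope is meant for allocation that happens while a collection is already starting. The comment should also note that in debug builds the scope nulls `m_initializingObjectClass`, which hides the initializing-object assertion for every allocation made inside it. An `ASSERT(m_heap.m_deferralDepth);` before the decrement in the destructor would catch misuse early.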
Modified: trunk/Source/_javascript_Core/runtime/VM.h (160376 => 160377)
--- trunk/Source/_javascript_Core/runtime/VM.h 2013-12-10 19:29:43 UTC (rev 160376)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2013-12-10 19:37:29 UTC (rev 160377)
@@ -477,6 +477,7 @@
private:
friend class LLIntOffsetsExtractor;
friend class ClearExceptionScope;
+ friend class RecursiveAllocationScope;
VM(VMType, HeapType);
static VM*& sharedInstanceInternal();