Title: [171251] branches/safari-537.78-branch/Source/_javascript_Core
- Revision: 171251
- Author: [email protected]
- Date: 2014-07-18 17:11:26 -0700 (Fri, 18 Jul 2014)
Log Message
Merge patch for <rdar://problem/16589513>
Modified Paths
Diff
Modified: branches/safari-537.78-branch/Source/_javascript_Core/ChangeLog (171250 => 171251)
--- branches/safari-537.78-branch/Source/_javascript_Core/ChangeLog 2014-07-19 00:00:52 UTC (rev 171250)
+++ branches/safari-537.78-branch/Source/_javascript_Core/ChangeLog 2014-07-19 00:11:26 UTC (rev 171251)
@@ -1,3 +1,31 @@
+2014-07-18 Dana Burkart <[email protected]>
+
+ Manually merged patch
+
+ 2014-02-21 Mark Lam <[email protected]>
+
+ gatherFromOtherThread() needs to align the sp before gathering roots.
+ <https://webkit.org/b/129169>
+
+ The GC scans the stacks of other threads using MachineThreads::gatherFromOtherThread().
+ gatherFromOtherThread() defines the range of the other thread's stack as
+ being bounded by the other thread's stack pointer and stack base. While
+ the stack base will always be aligned to sizeof(void*), the stack pointer
+ may not be. This is because the other thread may have just pushed a 32-bit
+ value on its stack before we suspended it for scanning.
+
+ The fix is to round the stack pointer up to the next aligned address of
+ sizeof(void*) and start scanning from there. On 64-bit systems, we will
+ effectively ignore the 32-bit word at the bottom of the stack (top of the
+ stack for stacks growing up) because it cannot be a 64-bit pointer anyway.
+ Pointers should always be stored on 64-bit aligned boundaries (our
+ conservative scan algorithm already depends on this assumption).
+
+ On 32-bit systems, the rounding is effectively a no-op.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::gatherFromOtherThread):
+
2014-05-23 Dana Burkart <[email protected]>
Merge r167832
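Review bot: the merged entry's header reads only "Manually merged patch" and records neither the trunk revision it was taken from nor the <rdar://problem/16589513> reference given in the commit log, while the entry directly below follows the branch convention ("Merge r167832"). Suggest naming the original trunk revision (and the radar) in the header so the branch ChangeLog stays traceable to trunk; the bug URL inside the nested entry covers the bug but not the merge itself.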
Modified: branches/safari-537.78-branch/Source/_javascript_Core/heap/MachineStackMarker.cpp (171250 => 171251)
--- branches/safari-537.78-branch/Source/_javascript_Core/heap/MachineStackMarker.cpp 2014-07-19 00:00:52 UTC (rev 171250)
+++ branches/safari-537.78-branch/Source/_javascript_Core/heap/MachineStackMarker.cpp 2014-07-19 00:11:26 UTC (rev 171251)
@@ -465,6 +465,7 @@
void* stackPointer = otherThreadStackPointer(regs);
void* stackBase = thread->stackBase;
swapIfBackwards(stackPointer, stackBase);
+ stackPointer = reinterpret_cast<void*>(WTF::roundUpToMultipleOf<sizeof(void*)>(reinterpret_cast<size_t>(stackPointer)));
conservativeRoots.add(stackPointer, stackBase);
freePlatformThreadRegisters(regs);
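Review bot: the round-up on the added line runs after swapIfBackwards(), so it is applied to whichever of the two addresses is lower, not necessarily to the stack pointer. On a downward-growing stack that is sp and the change does what the ChangeLog says; on an upward-growing stack the unaligned sp has been swapped into stackBase as the upper bound and is left untouched, so the range handed to conservativeRoots.add() can still end on a non-pointer-aligned address, contrary to the "top of the stack for stacks growing up" case the ChangeLog claims to cover. Suggest aligning before the swap (round sp up when it is the low end, down when it is the high end) or additionally rounding the upper bound down to a multiple of sizeof(void*). A one-line comment explaining why the partial word at the bottom can be dropped would also help; the added line is dense enough that the intent is not obvious on its own.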
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
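The scan the merged ChangeLog entry describes, shown as an added example that is not WebKit's code: a miniature conservative stack scan run over a constructed stack snapshot, once from the raw (misaligned) stack pointer and once after rounding it up to sizeof(void*). roundUpToPointerSize stands in for WTF::roundUpToMultipleOf, FakeHeap stands in for the membership test conservativeRoots.add() performs, and the object addresses, the 32-bit pushed value and the stack layout are all made up for the demonstration. Only a downward-growing stack is modelled.

```cpp
// Added example, not WebKit code: why a conservative stack scan must start
// from a pointer-aligned address. Layout, addresses and "heap" are constructed.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Stand-in for WTF::roundUpToMultipleOf<sizeof(void*)>: next multiple of the
// pointer size, a no-op when the address is already aligned.
static inline std::size_t roundUpToPointerSize(std::size_t address)
{
    constexpr std::size_t alignment = sizeof(void*);
    return (address + alignment - 1) & ~(alignment - 1);
}

// Constructed "object addresses"; the scan only asks whether a scanned word
// equals one of them, which is all this demonstration needs from a heap.
static const std::uintptr_t kObjectA = static_cast<std::uintptr_t>(0x00007f3a1c2d4e60ull);
static const std::uintptr_t kObjectB = static_cast<std::uintptr_t>(0x00007f3a1c2d4f00ull);

struct FakeHeap {
    std::vector<std::uintptr_t> objects;
    bool contains(std::uintptr_t word) const
    {
        return std::find(objects.begin(), objects.end(), word) != objects.end();
    }
};

// Conservative scan of [begin, end): read every pointer-sized word and count
// the ones that look like object addresses. When alignFirst is set, the low
// bound is rounded up first, as the merged patch does; the loop bound keeps
// the last (possibly partial) word from being read past the range either way.
static std::size_t conservativeScan(const void* begin, const void* end,
                                    const FakeHeap& heap, bool alignFirst)
{
    std::uintptr_t lo = reinterpret_cast<std::uintptr_t>(begin);
    std::uintptr_t hi = reinterpret_cast<std::uintptr_t>(end);
    if (lo > hi)
        std::swap(lo, hi); // same role as swapIfBackwards()
    if (alignFirst)
        lo = roundUpToPointerSize(lo);
    std::size_t found = 0;
    for (std::uintptr_t p = lo; p + sizeof(void*) <= hi; p += sizeof(void*)) {
        std::uintptr_t word;
        std::memcpy(&word, reinterpret_cast<const void*>(p), sizeof(word)); // memcpy tolerates misalignment
        if (heap.contains(word))
            ++found;
    }
    return found;
}

// Snapshot of a downward-growing stack: two pointer-sized slots holding object
// addresses, then a 32-bit value pushed last, leaving sp misaligned on 64-bit.
struct StackSnapshot {
    alignas(void*) unsigned char bytes[8 * sizeof(void*)];
    std::size_t spOffset;   // lowest live byte
    std::size_t baseOffset; // one past the highest byte
};

static StackSnapshot makeSnapshot()
{
    StackSnapshot s{};
    std::size_t top = sizeof(s.bytes);
    std::uintptr_t a = kObjectA, b = kObjectB;
    top -= sizeof(void*); std::memcpy(s.bytes + top, &a, sizeof(a));          // push object A
    top -= sizeof(void*); std::memcpy(s.bytes + top, &b, sizeof(b));          // push object B
    std::uint32_t small = 0xdeadbeefu;
    top -= sizeof(small); std::memcpy(s.bytes + top, &small, sizeof(small)); // push a 32-bit value
    s.spOffset = top;
    s.baseOffset = sizeof(s.bytes);
    return s;
}

static std::size_t scanSnapshot(bool alignFirst)
{
    StackSnapshot s = makeSnapshot();
    FakeHeap heap{{kObjectA, kObjectB}};
    return conservativeScan(s.bytes + s.spOffset, s.bytes + s.baseOffset, heap, alignFirst);
}

// Scanning from the raw sp reads words that straddle the 32-bit value and the
// two pointers, so neither object address is seen; rounding up first sees both.
static std::size_t demoUnalignedScan() { return scanSnapshot(false); }
static std::size_t demoAlignedScan()   { return scanSnapshot(true); }

int main()
{
    std::printf("unaligned sp: %zu roots found\n", demoUnalignedScan());
    std::printf("aligned sp:   %zu roots found\n", demoAlignedScan());
    return 0;
}
```

On a 64-bit target the unaligned scan reads two mixed words (half of the pushed 32-bit value glued to half of an object address, and so on) and reports no roots, which is exactly the kind of missed root that lets the collector free a live object; the aligned scan reports both. On a 32-bit target the pushed value leaves sp aligned and the round-up is a no-op, matching the ChangeLog's remark.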