Skip to site navigation (Press enter)

[webkit-changes] [199803] trunk/Source/JavaScriptCore

ggaren Wed, 20 Apr 2016 21:41:23 -0700

Title: [199803] trunk/Source/_javascript_Core

Revision: 199803
Author: [email protected]
Date: 2016-04-20 21:40:18 -0700 (Wed, 20 Apr 2016)

Log Message

_javascript_Core garbage collection is missing an autorelease pool
https://bugs.webkit.org/show_bug.cgi?id=156751
<rdar://problem/25787802>


Reviewed by Mark Lam.

* heap/Heap.cpp:
(JSC::Heap::releaseDelayedReleasedObjects): Add an autorelease pool to
catch autoreleases when we call out to arbitrary ObjC code.

We use the C interface here because this is not an ObjC compilation unit.

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/heap/Heap.cpp
trunk/Source/_javascript_Core/heap/Heap.h
trunk/Source/_javascript_Core/heap/HeapInlines.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (199802 => 199803)


--- trunk/Source/_javascript_Core/ChangeLog	2016-04-21 04:25:02 UTC (rev 199802)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-04-21 04:40:18 UTC (rev 199803)
@@ -1,3 +1,17 @@
+2016-04-20  Geoffrey Garen  <[email protected]>
+
+        _javascript_Core garbage collection is missing an autorelease pool
+        https://bugs.webkit.org/show_bug.cgi?id=156751
+        <rdar://problem/25787802>
+
+        Reviewed by Mark Lam.
+
+        * heap/Heap.cpp:
+        (JSC::Heap::releaseDelayedReleasedObjects): Add an autorelease pool to
+        catch autoreleases when we call out to arbitrary ObjC code.
+
+        We use the C interface here because this is not an ObjC compilation unit.
+
 2016-04-20  Filip Pizlo  <[email protected]>
 
         DFG del_by_id support forgets to set()

Modified: trunk/Source/_javascript_Core/heap/Heap.cpp (199802 => 199803)


--- trunk/Source/_javascript_Core/heap/Heap.cpp	2016-04-21 04:25:02 UTC (rev 199802)
+++ trunk/Source/_javascript_Core/heap/Heap.cpp	2016-04-21 04:40:18 UTC (rev 199803)
@@ -58,6 +58,13 @@
 #include <wtf/ProcessID.h>
 #include <wtf/RAMSize.h>
 
+#if __has_include(<objc/objc-internal.h>)
+#include <objc/objc-internal.h>
+#else
+extern "C" void* objc_autoreleasePoolPush(void);
+extern "C" void objc_autoreleasePoolPop(void *context);
+#endif
+
 using namespace std;
 
 namespace JSC {
@@ -355,7 +362,7 @@
     , m_sweeper(std::make_unique<IncrementalSweeper>(this))
 #endif
     , m_deferralDepth(0)
-#if USE(CF)
+#if USE(FOUNDATION)
     , m_delayedReleaseRecursionCount(0)
 #endif
     , m_helperClient(&heapHelperPool())
@@ -393,7 +400,7 @@
 
 void Heap::releaseDelayedReleasedObjects()
 {
-#if USE(CF)
+#if USE(FOUNDATION)
     // We need to guard against the case that releasing an object can create more objects due to the
     // release calling into JS. When those JS call(s) exit and all locks are being dropped we end up
     // back here and could try to recursively release objects. We guard that with a recursive entry
@@ -411,7 +418,9 @@
                 // We need to drop locks before calling out to arbitrary code.
                 JSLock::DropAllLocks dropAllLocks(m_vm);
 
+                void* context = objc_autoreleasePoolPush();
                 objectsToRelease.clear();
+                objc_autoreleasePoolPop(context);
             }
         }
     }

Modified: trunk/Source/_javascript_Core/heap/Heap.h (199802 => 199803)


--- trunk/Source/_javascript_Core/heap/Heap.h	2016-04-21 04:25:02 UTC (rev 199802)
+++ trunk/Source/_javascript_Core/heap/Heap.h	2016-04-21 04:40:18 UTC (rev 199803)
@@ -236,8 +236,8 @@
 
     CodeBlockSet& codeBlockSet() { return m_codeBlocks; }
 
-#if USE(CF)
-        template<typename T> void releaseSoon(RetainPtr<T>&&);
+#if USE(FOUNDATION)
+    template<typename T> void releaseSoon(RetainPtr<T>&&);
 #endif
 
     static bool isZombified(JSCell* cell) { return *(void**)cell == zombifiedBits; }
@@ -435,7 +435,8 @@
     Vector<DFG::Worklist*> m_suspendedCompilerWorklists;
 
     std::unique_ptr<HeapVerifier> m_verifier;
-#if USE(CF)
+
+#if USE(FOUNDATION)
     Vector<RetainPtr<CFTypeRef>> m_delayedReleaseObjects;
     unsigned m_delayedReleaseRecursionCount;
 #endif

Modified: trunk/Source/_javascript_Core/heap/HeapInlines.h (199802 => 199803)


--- trunk/Source/_javascript_Core/heap/HeapInlines.h	2016-04-21 04:25:02 UTC (rev 199802)
+++ trunk/Source/_javascript_Core/heap/HeapInlines.h	2016-04-21 04:40:18 UTC (rev 199803)
@@ -256,7 +256,7 @@
 #endif
 }
 
-#if USE(CF)
+#if USE(FOUNDATION)
 template <typename T>
 inline void Heap::releaseSoon(RetainPtr<T>&& object)
 {

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes