JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
https://bugs.webkit.org/show_bug.cgi?id=86553
Reviewed by Gavin Barraclough.
Scratch buffers can contain the only reference to live objects.
Therefore visit scratch buffer contents as conservative roots.
Changed the scratch buffers to be a struct with an "active"
length and the actual buffer. The users of the scratch
buffer emit code where needed to set and clear the active
length as appropriate. During marking, the active count is
used for conservative marking.
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::debugCall):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGThunks.cpp:
(JSC::DFG::osrExitGenerationThunkGenerator):
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::gatherConservativeRoots):
* runtime/JSGlobalData.h:
(JSC::ScratchBuffer::ScratchBuffer):
(ScratchBuffer):
(JSC::ScratchBuffer::allocationSize):
(JSC::ScratchBuffer::setActiveLength):
(JSC::ScratchBuffer::activeLength):
(JSC::ScratchBuffer::activeLengthPtr):
(JSC::ScratchBuffer::dataBuffer):
(JSGlobalData):
(JSC::JSGlobalData::scratchBufferForSize):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117729 268f45cc-cd09-0410-ab3c-d52691b4dbfc
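Added illustration, not JavaScriptCore code: a constructed toy model of the scheme the commit message describes. A ScratchBuffer carries an active byte count next to its storage, the JIT side sets that count while values live in the buffer and clears it afterwards, and the collector conservatively scans only the active prefix. The Cell, Heap, markRoots and cellSurvivesGC names are assumptions for the example; the ScratchBuffer accessor names mirror the ChangeLog entries above but the bodies are my own.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed model of "scratch buffer with an active length, scanned as
// conservative roots". Not JavaScriptCore code; names are illustrative.

struct Cell {
    bool marked = false;
};

// Minimal heap: tracks allocated cells and answers "is this word a cell address?"
struct Heap {
    std::vector<Cell*> cells;

    Cell* allocate() {
        Cell* c = new Cell;
        cells.push_back(c);
        return c;
    }
    bool isCell(uintptr_t word) const {
        for (Cell* c : cells)
            if (reinterpret_cast<uintptr_t>(c) == word)
                return true;
        return false;
    }
    void clearMarks() { for (Cell* c : cells) c->marked = false; }
    ~Heap() { for (Cell* c : cells) delete c; }
};

// Scratch buffer: an active byte count plus raw word-sized slots.
struct ScratchBuffer {
    size_t m_activeLength;
    std::vector<uintptr_t> m_buffer;

    explicit ScratchBuffer(size_t words) : m_activeLength(0), m_buffer(words, 0) {}
    size_t allocationSize() const { return m_buffer.size() * sizeof(uintptr_t); }
    void setActiveLength(size_t bytes) { m_activeLength = bytes; }
    size_t activeLength() const { return m_activeLength; }
    size_t* activeLengthPtr() { return &m_activeLength; }
    uintptr_t* dataBuffer() { return m_buffer.data(); }
};

// Conservative scan: any word inside the active prefix that equals a cell
// address becomes a root. Words past activeLength are never examined, so a
// released buffer (activeLength == 0) contributes nothing even when it still
// holds stale pointers. Returns the number of roots found in this buffer.
size_t gatherConservativeRoots(const Heap& heap, ScratchBuffer& buf, std::vector<Cell*>& roots) {
    size_t words = buf.activeLength() / sizeof(uintptr_t);
    size_t found = 0;
    for (size_t i = 0; i < words; ++i) {
        uintptr_t w = buf.dataBuffer()[i];
        if (heap.isCell(w)) {
            roots.push_back(reinterpret_cast<Cell*>(w));
            ++found;
        }
    }
    return found;
}

// Gather from every scratch buffer, then mark what was found.
void markRoots(Heap& heap, std::vector<ScratchBuffer*>& buffers) {
    heap.clearMarks();
    std::vector<Cell*> roots;
    for (ScratchBuffer* b : buffers)
        gatherConservativeRoots(heap, *b, roots);
    for (Cell* c : roots)
        c->marked = true;
}

// JIT side, simulated: spill one cell whose only reference is the buffer slot.
// publishActiveLength == false models the pre-fix state (GC never looks at the
// buffer); true models the fixed state where the user sets the active length.
bool cellSurvivesGC(bool publishActiveLength) {
    Heap heap;
    ScratchBuffer buf(8);
    std::vector<ScratchBuffer*> buffers{&buf};

    Cell* spilled = heap.allocate();
    buf.dataBuffer()[0] = reinterpret_cast<uintptr_t>(spilled);  // only reference
    if (publishActiveLength)
        buf.setActiveLength(1 * sizeof(uintptr_t));

    markRoots(heap, buffers);
    return spilled->marked;
}

// Once the user clears the active length, stale buffer contents must not pin cells.
bool staleContentsPinCell() {
    Heap heap;
    ScratchBuffer buf(8);
    std::vector<ScratchBuffer*> buffers{&buf};

    Cell* spilled = heap.allocate();
    buf.dataBuffer()[0] = reinterpret_cast<uintptr_t>(spilled);
    buf.setActiveLength(sizeof(uintptr_t));
    *buf.activeLengthPtr() = 0;  // the "clear" emitted when the buffer is released

    markRoots(heap, buffers);
    return spilled->marked;
}
```

The two outcomes to notice: with the active length left at zero the spilled cell is unreachable to the collector and would be freed while the buffer still points at it (the bug in the title), and with the length published it is marked. Clearing the length again after use is what keeps the scan from pinning stale pointers on later collections.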
diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp
index 2254b5b..2ee02ae 100644
--- a/Source/JavaScriptCore/heap/Heap.cpp
+++ b/Source/JavaScriptCore/heap/Heap.cpp
@@ -451,6 +451,15 @@
GCPHASE(GatherRegisterFileRoots);
registerFile().gatherConservativeRoots(registerFileRoots, m_dfgCodeBlocks);
}
+
+#if ENABLE(DFG_JIT)
+ ConservativeRoots scratchBufferRoots(&m_objectSpace.blocks(), &m_storageSpace);
+ {
+ GCPHASE(GatherScratchBufferRoots);
+ m_globalData->gatherConservativeRoots(scratchBufferRoots);
+ }
+#endif
+
#if ENABLE(GGC)
MarkedBlock::DirtyCellVector dirtyCells;
if (!fullGC) {
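Review bot: scratchBufferRoots is a function-scope local that exists only under ENABLE(DFG_JIT), and the visit later in markRoots is guarded by the same macro; that pairing is correct but fragile, so a one-line comment at the declaration saying the gather and visit blocks must stay under the same #if would save the next editor of markRoots a build break. Also note that, unlike the registerFile() gather just above which passes m_dfgCodeBlocks, this gather takes only the roots set; since the commit message describes scratch buffers as holding references to live objects rather than code addresses that looks intentional, but it is worth stating in a comment so nobody "fixes" it later.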
@@ -497,6 +506,13 @@
visitor.append(registerFileRoots);
visitor.donateAndDrain();
}
+#if ENABLE(DFG_JIT)
+ {
+ GCPHASE(VisitScratchBufferRoots);
+ visitor.append(scratchBufferRoots);
+ visitor.donateAndDrain();
+ }
+#endif
{
GCPHASE(VisitProtectedObjects);
markProtectedObjects(heapRootVisitor);
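Review bot: the scratch buffer roots are appended and drained on every collection, including the GGC path where fullGC is false (the gather above runs unconditionally as well). Treating conservative roots as roots in both cases is the right call, but a short comment here would help, and it should mention the consequence the commit message implies: the only thing bounding the scan is the active length each user sets and clears, so a user that sets it and never clears it will keep stale buffer contents alive on every subsequent GC.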