Add more doesGC() assertions.
https://bugs.webkit.org/show_bug.cgi?id=194911
<rdar://problem/48285723>
Reviewed by Saam Barati and Yusuke Suzuki.
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::compileOSRExit):
- Set expectDoesGC here because we no longer have to worry about missing store
barriers in optimized code after this point. This will prevent false positive
assertion failures arising from functions called beneath compileOSRExit().
(JSC::DFG::OSRExit::compileExit):
- Add a comment to explain why the generated ramp needs to set expectDoesGC even
though compileOSRExit() also sets it. Reason: compileOSRExit() is only called
for the first OSR from this code origin; the generated ramp is called for many
subsequent OSR exits from this code origin.
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
- Added a comment for the equivalent reason to the one above.
(JSC::FTL::compileFTLOSRExit):
- Set expectDoesGC here because we no longer have to worry about missing store
barriers in optimized code after this point. This will prevent false positive
assertion failures arising from functions called beneath compileFTLOSRExit().
* heap/CompleteSubspace.cpp:
(JSC::CompleteSubspace::tryAllocateSlow):
* heap/CompleteSubspaceInlines.h:
(JSC::CompleteSubspace::allocateNonVirtual):
- assert expectDoesGC.
* heap/DeferGC.h:
(JSC::DeferGC::~DeferGC):
- assert expectDoesGC.
- Also added WTF_FORBID_HEAP_ALLOCATION to DeferGC, DeferGCForAWhile, and DisallowGC
because all 3 should be stack allocated RAII objects.
* heap/GCDeferralContext.h:
* heap/GCDeferralContextInlines.h:
(JSC::GCDeferralContext::~GCDeferralContext):
- Added WTF_FORBID_HEAP_ALLOCATION.
- assert expectDoesGC.
* heap/Heap.cpp:
(JSC::Heap::collectNow):
(JSC::Heap::collectAsync):
(JSC::Heap::collectSync):
(JSC::Heap::stopIfNecessarySlow):
(JSC::Heap::collectIfNecessaryOrDefer):
* heap/HeapInlines.h:
(JSC::Heap::acquireAccess):
(JSC::Heap::stopIfNecessary):
* heap/LargeAllocation.cpp:
(JSC::LargeAllocation::tryCreate):
* heap/LocalAllocatorInlines.h:
(JSC::LocalAllocator::allocate):
- conservatively assert expectDoesGC on these functions that may trigger a GC
though they don't always do so.
* runtime/DisallowScope.h:
- DisallowScope should be stack allocated because it's an RAII object.
* runtime/JSCellInlines.h:
(JSC::tryAllocateCellHelper):
- Remove the expectDoesGC assertion because it is now covered by assertions in
CompleteSubspace, LargeAllocation, and LocalAllocator.
* runtime/RegExpMatchesArray.h:
(JSC::createRegExpMatchesArray):
- assert expectDoesGC.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@241927 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/runtime/DisallowScope.h b/Source/JavaScriptCore/runtime/DisallowScope.h
index 979cf18..2e3ad5a 100644
--- a/Source/JavaScriptCore/runtime/DisallowScope.h
+++ b/Source/JavaScriptCore/runtime/DisallowScope.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -25,6 +25,7 @@
#pragma once
+#include <wtf/ForbidHeapAllocation.h>
#include <wtf/Noncopyable.h>
namespace JSC {
@@ -32,6 +33,7 @@
template<class T>
class DisallowScope {
WTF_MAKE_NONCOPYABLE(DisallowScope);
+ WTF_FORBID_HEAP_ALLOCATION;
public:
#ifdef NDEBUG
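Review bot: the ChangeLog entry for runtime/DisallowScope.h only says the class "should be stack allocated" and does not name the `WTF_FORBID_HEAP_ALLOCATION;` line this hunk adds, unlike the heap/DeferGC.h and heap/GCDeferralContextInlines.h entries, which say "Added WTF_FORBID_HEAP_ALLOCATION" explicitly; update the entry to match so the mechanism is documented consistently across the three files.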
diff --git a/Source/JavaScriptCore/runtime/JSCellInlines.h b/Source/JavaScriptCore/runtime/JSCellInlines.h
index 40dc899..1a4af2ac 100644
--- a/Source/JavaScriptCore/runtime/JSCellInlines.h
+++ b/Source/JavaScriptCore/runtime/JSCellInlines.h
@@ -166,9 +166,6 @@
ALWAYS_INLINE void* tryAllocateCellHelper(Heap& heap, size_t size, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
{
VM& vm = *heap.vm();
- if (validateDFGDoesGC)
- RELEASE_ASSERT(heap.expectDoesGC());
-
ASSERT(deferralContext || !DisallowGC::isInEffectOnCurrentThread());
ASSERT(size >= sizeof(T));
JSCell* result = static_cast<JSCell*>(subspaceFor<T>(vm)->allocateNonVirtual(vm, size, deferralContext, failureMode));
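Review bot: the removed check was a `RELEASE_ASSERT(heap.expectDoesGC())` gated on validateDFGDoesGC, while the guard that remains at this spot, `ASSERT(deferralContext || !DisallowGC::isInEffectOnCurrentThread());`, is debug-only, so release-build coverage for this path now rests entirely on the assertion the ChangeLog says lives in CompleteSubspace::allocateNonVirtual, reached via `subspaceFor<T>(vm)->allocateNonVirtual(...)` two lines below. Confirm that replacement is also a RELEASE_ASSERT under validateDFGDoesGC and sits ahead of every allocation path that can collect; otherwise this hunk weakens the check rather than relocating it.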
diff --git a/Source/JavaScriptCore/runtime/RegExpMatchesArray.h b/Source/JavaScriptCore/runtime/RegExpMatchesArray.h
index e957bf9..75239da 100644
--- a/Source/JavaScriptCore/runtime/RegExpMatchesArray.h
+++ b/Source/JavaScriptCore/runtime/RegExpMatchesArray.h
@@ -62,6 +62,9 @@
VM& vm, JSGlobalObject* globalObject, JSString* input, const String& inputValue,
RegExp* regExp, unsigned startOffset, MatchResult& result)
{
+ if (validateDFGDoesGC)
+ RELEASE_ASSERT(vm.heap.expectDoesGC());
+
Vector<int, 32> subpatternResults;
int position = regExp->matchInline(vm, inputValue, startOffset, subpatternResults);
if (position == -1) {
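Review bot: the new assertion sits at function entry, ahead of `regExp->matchInline(...)` and the `position == -1` early-out, so it fires on every call including ones that allocate nothing; that is the conservative placement the ChangeLog describes, but a one-line comment naming the allocation further down that motivates it would help the next reader, since the `if (validateDFGDoesGC) RELEASE_ASSERT(vm.heap.expectDoesGC());` pair is now repeated across several files with no shared helper.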