commit d13163df3c4377d1a7a47bf0a2fea9ac61552f08
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Sat Sep 03 05:14:04 2011 +0000
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Sat Sep 03 05:14:04 2011 +0000
tree 2a94f3171e91d1e893fee2efb6eee13254102f48
parent 536245c69218d6a08ca85ed5067a002995ad34de

ValueProfile does not make it safe to introspect cell values
after garbage collection
https://bugs.webkit.org/show_bug.cgi?id=67354

Reviewed by Gavin Barraclough.

ValueProfile buckets are now weak references, implemented using a
light-weight weak reference mechanism that this patch also adds (the
WeakReferenceHarvester).  If a cell stored in a ValueProfile bucket
is not marked, then the bucket is transformed into a Structure
pointer.  If the Structure is not marked either, then it is turned
into a ClassInfo pointer.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::visitWeakReferences):
* bytecode/CodeBlock.h:
* bytecode/ValueProfile.h:
(JSC::ValueProfile::ValueProfile):
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfCells):
(JSC::ValueProfile::numberOfArrays):
(JSC::ValueProfile::probabilityOfArray):
(JSC::ValueProfile::WeakBucket::WeakBucket):
(JSC::ValueProfile::WeakBucket::operator!):
(JSC::ValueProfile::WeakBucket::isEmpty):
(JSC::ValueProfile::WeakBucket::isClassInfo):
(JSC::ValueProfile::WeakBucket::isStructure):
(JSC::ValueProfile::WeakBucket::asStructure):
(JSC::ValueProfile::WeakBucket::asClassInfo):
(JSC::ValueProfile::WeakBucket::getClassInfo):
* heap/Heap.cpp:
(JSC::Heap::harvestWeakReferences):
(JSC::Heap::markRoots):
* heap/Heap.h:
* heap/MarkStack.cpp:
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::harvestWeakReferences):
* heap/MarkStack.h:
(JSC::MarkStack::addWeakReferenceHarvester):
(JSC::MarkStack::MarkStack):
(JSC::MarkStack::appendUnbarrieredPointer):
* heap/SlotVisitor.h:
* heap/WeakReferenceHarvester.h: Added.
(JSC::WeakReferenceHarvester::WeakReferenceHarvester):
(JSC::WeakReferenceHarvester::~WeakReferenceHarvester):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94477 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/heap/WeakReferenceHarvester.h

diff --git a/Source/JavaScriptCore/heap/WeakReferenceHarvester.h b/Source/JavaScriptCore/heap/WeakReferenceHarvester.h
new file mode 100644
index 0000000..4716d9a
--- /dev/null
+++ b/Source/JavaScriptCore/heap/WeakReferenceHarvester.h
@@ -0,0 +1,51 @@
+/*
+ *  Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef WeakReferenceHarvester_h
+#define WeakReferenceHarvester_h
+
+#include <stdint.h>
+
+namespace JSC {
+
+class MarkStack;
+class SlotVisitor;
+
+class WeakReferenceHarvester {
+public:
+    virtual void visitWeakReferences(SlotVisitor&) = 0;
+    
+protected:
+    WeakReferenceHarvester()
+        : m_nextAndFlag(0)
+    {
+    }
+    
+    virtual ~WeakReferenceHarvester() { }
+
+private:
+    friend class MarkStack;
+    friend class SlotVisitor;
+    
+    uintptr_t m_nextAndFlag;
+};
+
+} // namespace JSC
+
+#endif // WeakReferenceHarvester_h