Title: [116565] trunk/Source/JavaScriptCore
Revision: 116565
Author: [email protected]
Date: 2012-05-09 15:50:42 -0700 (Wed, 09 May 2012)

Log Message

CopiedSpace does not add pinned blocks back to the to-space filter
https://bugs.webkit.org/show_bug.cgi?id=86011

Reviewed by Geoffrey Garen.

After a collection has finished, we go through the blocks in from-space 
and move any of them that are pinned into to-space. At the beginning of 
collection, we reset the to-space block filter that is used during 
conservative scanning and add back the blocks that are filled during the 
collection. However, we neglect to add back those blocks that are moved 
from from-space to to-space, which can cause the conservative scan to 
think that some pinned items are not actually in CopiedSpace.

* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the 
to-space filter. Also added a comment and assert for future readers that 
indicates that it's okay that we don't also add the block to the 
to-space block set since it was never removed.

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (116564 => 116565)


--- trunk/Source/_javascript_Core/ChangeLog	2012-05-09 22:45:20 UTC (rev 116564)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-05-09 22:50:42 UTC (rev 116565)
@@ -1,3 +1,25 @@
+2012-05-09  Mark Hahnenberg  <[email protected]>
+
+        CopiedSpace does not add pinned blocks back to the to-space filter
+        https://bugs.webkit.org/show_bug.cgi?id=86011
+
+        Reviewed by Geoffrey Garen.
+
+        After a collection has finished, we go through the blocks in from-space 
+        and move any of them that are pinned into to-space. At the beginning of 
+        collection, we reset the to-space block filter that is used during 
+        conservative scanning and add back the blocks that are filled during the 
+        collection. However, we neglect to add back those blocks that are moved 
+        from from-space to to-space, which can cause the conservative scan to 
+        think that some pinned items are not actually in CopiedSpace.
+
+        * heap/CopiedSpace.cpp:
+        (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the 
+        to-space filter. Also added a comment and assert for future readers that 
+        indicates that it's okay that we don't also add the block to the 
+        to-space block set since it was never removed.
+
+
 2012-05-09  Carlos Garcia Campos  <[email protected]>
 
         [GTK] Use independent version numbers for public libraries

Modified: trunk/Source/_javascript_Core/heap/CopiedSpace.cpp (116564 => 116565)


--- trunk/Source/_javascript_Core/heap/CopiedSpace.cpp	2012-05-09 22:45:20 UTC (rev 116564)
+++ trunk/Source/_javascript_Core/heap/CopiedSpace.cpp	2012-05-09 22:50:42 UTC (rev 116565)
@@ -183,6 +183,9 @@
         CopiedBlock* block = static_cast<CopiedBlock*>(m_fromSpace->removeHead());
         if (block->m_isPinned) {
             block->m_isPinned = false;
+            // We don't add the block to the toSpaceSet because it was never removed.
+            ASSERT(m_toSpaceSet.contains(block));
+            m_toSpaceFilter.add(reinterpret_cast<Bits>(block));
             m_toSpace->push(block);
             continue;
         }
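Review bot: the ASSERT(m_toSpaceSet.contains(block)) documents the invariant but is compiled out in release builds, so in release the m_toSpaceFilter.add() on the following line is the only thing that keeps the conservative scan from missing a block that was pinned and carried over from from-space; the log says that miss makes the scan "think that some pinned items are not actually in CopiedSpace", which is a liveness error, so it deserves a regression test that pins a block, runs a collection and then checks that a conservative (stack) reference into that block still survives. Nothing in this change exercises the fix. It would also help future readers if the comment said why the filter (unlike the set) does need the add, i.e. that the filter is reset at the start of collection while the set is not, since that is the asymmetry the whole patch hinges on.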
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes