- Revision
- 118269
- Author
- [email protected]
- Date
- 2012-05-23 16:55:27 -0700 (Wed, 23 May 2012)
Log Message
Refactored WeakBlock to use malloc, clarify behavior
https://bugs.webkit.org/show_bug.cgi?id=87318
Reviewed by Filip Pizlo.
We want to use malloc so we can make these smaller than 4KB,
since an individual MarkedBlock will usually have fewer than
4KB worth of weak pointers.
* heap/Heap.cpp:
(JSC::Heap::markRoots): Renamed visitLiveWeakImpls to visit, since
we no longer need to distinguish from "visitDeadWeakImpls".
Renamed "visitDeadWeakImpls" to "reap" because we're not actually
doing any visiting -- we're just tagging things as dead.
* heap/WeakBlock.cpp:
(JSC::WeakBlock::create):
(JSC::WeakBlock::destroy):
(JSC::WeakBlock::WeakBlock): Malloc!
(JSC::WeakBlock::visit):
(JSC::WeakBlock::reap): Renamed as above.
* heap/WeakBlock.h:
(WeakBlock): Reduced to 3KB, as explained above.
* heap/WeakSet.cpp:
(JSC::WeakSet::visit):
(JSC::WeakSet::reap):
* heap/WeakSet.h:
(WeakSet): Updated for renames, and to match WebKit style.
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (118268 => 118269)
--- trunk/Source/_javascript_Core/ChangeLog 2012-05-23 23:53:44 UTC (rev 118268)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-05-23 23:55:27 UTC (rev 118269)
@@ -1,3 +1,38 @@
+2012-05-23 Geoffrey Garen <[email protected]>
+
+ Refactored WeakBlock to use malloc, clarify behavior
+ https://bugs.webkit.org/show_bug.cgi?id=87318
+
+ Reviewed by Filip Pizlo.
+
+ We want to use malloc so we can make these smaller than 4KB,
+ since an individual MarkedBlock will usually have fewer than
+ 4KB worth of weak pointers.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots): Renamed visitLiveWeakImpls to visit, since
+ we no longer need to distinguish from "visitDeadWeakImpls".
+
+ Renamed "visitDeadWeakImpls" to "reap" because we're not actually
+ doing any visiting -- we're just tagging things as dead.
+
+ * heap/WeakBlock.cpp:
+ (JSC::WeakBlock::create):
+ (JSC::WeakBlock::destroy):
+ (JSC::WeakBlock::WeakBlock): Malloc!
+
+ (JSC::WeakBlock::visit):
+ (JSC::WeakBlock::reap): Renamed as above.
+
+ * heap/WeakBlock.h:
+ (WeakBlock): Reduced to 3KB, as explained above.
+
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::visit):
+ (JSC::WeakSet::reap):
+ * heap/WeakSet.h:
+ (WeakSet): Updated for renames, and to match WebKit style.
+
2012-05-23 Filip Pizlo <[email protected]>
Use after free in JSC::DFG::ByteCodeParser::processPhiStack
Modified: trunk/Source/_javascript_Core/heap/Heap.cpp (118268 => 118269)
--- trunk/Source/_javascript_Core/heap/Heap.cpp 2012-05-23 23:53:44 UTC (rev 118268)
+++ trunk/Source/_javascript_Core/heap/Heap.cpp 2012-05-23 23:55:27 UTC (rev 118269)
@@ -561,7 +561,7 @@
{
GCPHASE(VisitingLiveWeakHandles);
while (true) {
- m_weakSet.visitLiveWeakImpls(heapRootVisitor);
+ m_weakSet.visit(heapRootVisitor);
harvestWeakReferences();
if (visitor.isEmpty())
break;
@@ -576,8 +576,8 @@
}
{
- GCPHASE(VisitingDeadWeakHandles);
- m_weakSet.visitDeadWeakImpls(heapRootVisitor);
+ GCPHASE(ReapingWeakHandles);
+ m_weakSet.reap();
}
GCCOUNTER(VisitedValueCount, visitor.visitCount());
Modified: trunk/Source/_javascript_Core/heap/WeakBlock.cpp (118268 => 118269)
--- trunk/Source/_javascript_Core/heap/WeakBlock.cpp 2012-05-23 23:53:44 UTC (rev 118268)
+++ trunk/Source/_javascript_Core/heap/WeakBlock.cpp 2012-05-23 23:55:27 UTC (rev 118269)
@@ -36,19 +36,16 @@
WeakBlock* WeakBlock::create()
{
- PageAllocation allocation = PageAllocation::allocate(blockSize, OSAllocator::JSGCHeapPages);
- if (!static_cast<bool>(allocation))
- CRASH();
- return new (NotNull, allocation.base()) WeakBlock(allocation);
+ void* allocation = fastMalloc(blockSize);
+ return new (NotNull, allocation) WeakBlock;
}
void WeakBlock::destroy(WeakBlock* block)
{
- block->m_allocation.deallocate();
+ fastFree(block);
}
-WeakBlock::WeakBlock(PageAllocation& allocation)
- : m_allocation(allocation)
+WeakBlock::WeakBlock()
{
for (size_t i = 0; i < weakImplCount(); ++i) {
WeakImpl* weakImpl = &weakImpls()[i];
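Review bot: destroy() releases the block with `fastFree(block)` but still never runs the destructor of the object that create() built with placement new, so correctness depends on WeakBlock and its members (m_sweepResult in particular) staying trivially destructible. Either call `block->~WeakBlock();` before `fastFree(block);` or state that requirement in a comment on destroy(). create() also drops the explicit allocation-failure check, which is safe only as long as fastMalloc crashes on exhaustion instead of returning null. That deserves a one-line comment such as `// fastMalloc crashes on failure, so allocation is never null here.` so that a later switch to a fallible allocator restores the check before the placement new. The constructor body continues outside the hunk.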
@@ -90,7 +87,7 @@
ASSERT(!m_sweepResult.isNull());
}
-void WeakBlock::visitLiveWeakImpls(HeapRootVisitor& heapRootVisitor)
+void WeakBlock::visit(HeapRootVisitor& heapRootVisitor)
{
// If a block is completely empty, a visit won't have any effect.
if (isEmpty())
@@ -118,9 +115,9 @@
}
}
-void WeakBlock::visitDeadWeakImpls(HeapRootVisitor&)
+void WeakBlock::reap()
{
- // If a block is completely empty, a visit won't have any effect.
+ // If a block is completely empty, a reaping won't have any effect.
if (isEmpty())
return;
Modified: trunk/Source/_javascript_Core/heap/WeakBlock.h (118268 => 118269)
--- trunk/Source/_javascript_Core/heap/WeakBlock.h 2012-05-23 23:53:44 UTC (rev 118268)
+++ trunk/Source/_javascript_Core/heap/WeakBlock.h 2012-05-23 23:55:27 UTC (rev 118269)
@@ -30,7 +30,6 @@
#include "WeakHandleOwner.h"
#include "WeakImpl.h"
#include <wtf/DoublyLinkedList.h>
-#include <wtf/PageAllocation.h>
#include <wtf/StdLibExtras.h>
namespace JSC {
@@ -42,7 +41,7 @@
class WeakBlock : public DoublyLinkedListNode<WeakBlock> {
public:
friend class WTF::DoublyLinkedListNode<WeakBlock>;
- static const size_t blockSize = 4 * KB;
+ static const size_t blockSize = 3 * KB; // 5% of MarkedBlock size
struct FreeCell {
FreeCell* next;
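Review bot: The comment `// 5% of MarkedBlock size` on blockSize states a relationship that nothing in this hunk enforces, so it will go stale silently if MarkedBlock's size is ever changed. Consider deriving the value from MarkedBlock's own size constant, or expanding the comment to say the figure is approximate. The comment could also record why a size that is not a page multiple is now acceptable: the block comes from fastMalloc rather than the page allocator. The FreeCell declaration continues outside the hunk.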
@@ -64,25 +63,23 @@
bool isEmpty();
void sweep();
- const SweepResult& sweepResult();
SweepResult takeSweepResult();
- void visitLiveWeakImpls(HeapRootVisitor&);
- void visitDeadWeakImpls(HeapRootVisitor&);
+ void visit(HeapRootVisitor&);
+ void reap();
void lastChanceToFinalize();
private:
static FreeCell* asFreeCell(WeakImpl*);
- WeakBlock(PageAllocation&);
+ WeakBlock();
WeakImpl* firstWeakImpl();
void finalize(WeakImpl*);
WeakImpl* weakImpls();
size_t weakImplCount();
void addToFreeList(FreeCell**, WeakImpl*);
- PageAllocation m_allocation;
WeakBlock* m_prev;
WeakBlock* m_next;
SweepResult m_sweepResult;
@@ -113,11 +110,6 @@
return tmp;
}
-inline const WeakBlock::SweepResult& WeakBlock::sweepResult()
-{
- return m_sweepResult;
-}
-
inline WeakBlock::FreeCell* WeakBlock::asFreeCell(WeakImpl* weakImpl)
{
return reinterpret_cast<FreeCell*>(weakImpl);
Modified: trunk/Source/_javascript_Core/heap/WeakSet.cpp (118268 => 118269)
--- trunk/Source/_javascript_Core/heap/WeakSet.cpp 2012-05-23 23:53:44 UTC (rev 118268)
+++ trunk/Source/_javascript_Core/heap/WeakSet.cpp 2012-05-23 23:55:27 UTC (rev 118269)
@@ -46,16 +46,16 @@
block->lastChanceToFinalize();
}
-void WeakSet::visitLiveWeakImpls(HeapRootVisitor& visitor)
+void WeakSet::visit(HeapRootVisitor& visitor)
{
for (WeakBlock* block = m_blocks.head(); block; block = block->next())
- block->visitLiveWeakImpls(visitor);
+ block->visit(visitor);
}
-void WeakSet::visitDeadWeakImpls(HeapRootVisitor& visitor)
+void WeakSet::reap()
{
for (WeakBlock* block = m_blocks.head(); block; block = block->next())
- block->visitDeadWeakImpls(visitor);
+ block->reap();
}
void WeakSet::sweep()
Modified: trunk/Source/_javascript_Core/heap/WeakSet.h (118268 => 118269)
--- trunk/Source/_javascript_Core/heap/WeakSet.h 2012-05-23 23:53:44 UTC (rev 118268)
+++ trunk/Source/_javascript_Core/heap/WeakSet.h 2012-05-23 23:55:27 UTC (rev 118269)
@@ -35,16 +35,16 @@
class WeakSet {
public:
+ static WeakImpl* allocate(JSValue, WeakHandleOwner* = 0, void* context = 0);
+ static void deallocate(WeakImpl*);
+
WeakSet(Heap*);
+ ~WeakSet();
void lastChanceToFinalize();
- ~WeakSet();
- static WeakImpl* allocate(JSValue, WeakHandleOwner* = 0, void* context = 0);
- static void deallocate(WeakImpl*);
+ void visit(HeapRootVisitor&);
+ void reap();
- void visitLiveWeakImpls(HeapRootVisitor&);
- void visitDeadWeakImpls(HeapRootVisitor&);
-
void sweep();
void resetAllocator();