Title: [119048] branches/safari-536-branch/Source/_javascript_Core
- Revision
- 119048
- Author
- [email protected]
- Date
- 2012-05-30 21:20:17 -0700 (Wed, 30 May 2012)
Log Message
Merged r118810 -> <rdar://problem/11459513>
Modified Paths
Diff
Modified: branches/safari-536-branch/Source/_javascript_Core/ChangeLog (119047 => 119048)
--- branches/safari-536-branch/Source/_javascript_Core/ChangeLog 2012-05-31 04:12:00 UTC (rev 119047)
+++ branches/safari-536-branch/Source/_javascript_Core/ChangeLog 2012-05-31 04:20:17 UTC (rev 119048)
@@ -1,5 +1,31 @@
2012-05-30 Lucas Forschler <[email protected]>
+ Merge 118810
+
+ 2012-05-29 Mark Hahnenberg <[email protected]>
+
+ CopiedSpace::doneCopying could start another collection
+ https://bugs.webkit.org/show_bug.cgi?id=86538
+
+ Reviewed by Geoffrey Garen.
+
+ It's possible that if we don't have anything at the head of to-space
+ after a collection and the BlockAllocator doesn't have any fresh blocks
+ to give us right now we could start another collection while still in
+ the middle of the first collection when we call CopiedSpace::addNewBlock().
+
+ One way to resolve this would be to have Heap::shouldCollect() check that
+ m_operationInProgress is NoOperation. This would prevent the path in
+ getFreshBlock() that starts the collection if we're already in the middle of one.
+
+ I could not come up with a test case to reproduce this crash on ToT.
+
+ * heap/Heap.h:
+ (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
+ of a collection, i.e. the current operation should be NoOperation.
+
+2012-05-30 Lucas Forschler <[email protected]>
+
Merge <rdar://problem/11519288>
2012-05-23 Lucas Forschler <[email protected]>
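Review bot: The nested entry describes the fix only as a possibility ("One way to resolve this would be to have Heap::shouldCollect() check that m_operationInProgress is NoOperation") while the Heap.h change in this same revision does exactly that; the ChangeLog should state the change as what was done, since future readers use it to understand why the extra condition exists. It also says no reproduction was found on ToT, so the entry should at least name the re-entrancy path it closes (addNewBlock -> getFreshBlock -> shouldCollect while m_operationInProgress is not NoOperation) so the intent can be re-verified later.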
Modified: branches/safari-536-branch/Source/_javascript_Core/heap/Heap.h (119047 => 119048)
--- branches/safari-536-branch/Source/_javascript_Core/heap/Heap.h 2012-05-31 04:12:00 UTC (rev 119047)
+++ branches/safari-536-branch/Source/_javascript_Core/heap/Heap.h 2012-05-31 04:20:17 UTC (rev 119048)
@@ -253,9 +253,9 @@
inline bool Heap::shouldCollect()
{
#if ENABLE(GGC)
- return m_objectSpace.nurseryWaterMark() >= m_minBytesPerCycle && m_isSafeToCollect;
+ return m_objectSpace.nurseryWaterMark() >= m_minBytesPerCycle && m_isSafeToCollect && m_operationInProgress == NoOperation;
#else
- return m_bytesAllocated > m_bytesAllocatedLimit && m_isSafeToCollect;
+ return m_bytesAllocated > m_bytesAllocatedLimit && m_isSafeToCollect && m_operationInProgress == NoOperation;
#endif
}
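Review bot: The added `m_operationInProgress == NoOperation` condition is duplicated verbatim in both the GGC and non-GGC branches of the `#if`, together with `m_isSafeToCollect`; hoisting the common guard above the `#if` (e.g. `if (!m_isSafeToCollect || m_operationInProgress != NoOperation) return false;`) would keep the two branches in sync and make the re-entrancy guard the one thing a reader sees first. Logically the change is sound for the scenario in the ChangeLog: `shouldCollect()` is the predicate consulted by the block-allocation path, so returning false while an operation is in progress stops `getFreshBlock()` from starting a nested collection. Since the hunk adds a read of `m_operationInProgress` to a predicate that may be called from the allocator, it is worth confirming that `m_operationInProgress` is set before the first call to `addNewBlock()` during a collection and cleared only after `doneCopying()` returns; otherwise the guard would not cover the window the ChangeLog describes.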