From 90c58273524a6eb69bdbfe35023e63924c54a734 Mon Sep 17 00:00:00 2001 From: Mark Hahnenberg Date: Mon, 4 Feb 2013 14:21:12 +0100 Subject: Restrictions on oversize CopiedBlock allocations should be relaxed https://bugs.webkit.org/show_bug.cgi?id=105339 Reviewed by Filip Pizlo. Currently the DFG has a single branch in the inline allocation path for property/array storage where it checks to see if the number of bytes requested will fit in the current block. This does not match what the C++ allocation path does; it checks if the requested number of bytes is oversize, and then if it's not, it tries to fit it in the current block. The garbage collector assumes that ALL allocations that are greater than 16KB are in oversize blocks. Therefore, this mismatch can lead to crashes when the collector tries to perform some operation on a CopiedBlock. To avoid adding an extra branch to the inline allocation path in the JIT, we should make it so that oversize blocks are allocated on the same alignment boundaries so that there is a single mask to find the block header of any CopiedBlock (rather than two, one for normal and one for oversize blocks), and we should figure out if a block is oversize by some other method than just whatever the JSObject says it is. One way we could record this info Region of the block, since we allocate a one-off Region for oversize blocks. * heap/BlockAllocator.h: (JSC::Region::isCustomSize): (Region): (JSC::Region::createCustomSize): (JSC::Region::Region): (JSC::BlockAllocator::deallocateCustomSize): * heap/CopiedBlock.h: (CopiedBlock): (JSC::CopiedBlock::isOversize): (JSC): * heap/CopiedSpace.cpp: (JSC::CopiedSpace::tryAllocateOversize): (JSC::CopiedSpace::tryReallocate): (JSC::CopiedSpace::tryReallocateOversize): * heap/CopiedSpace.h: (CopiedSpace): * heap/CopiedSpaceInlines.h: (JSC::CopiedSpace::contains): (JSC::CopiedSpace::tryAllocate): (JSC): * heap/CopyVisitor.h: (CopyVisitor): * heap/CopyVisitorInlines.h: (JSC::CopyVisitor::checkIfShouldCopy): (JSC::CopyVisitor::didCopy): * heap/SlotVisitorInlines.h: (JSC::SlotVisitor::copyLater): * runtime/JSObject.cpp: (JSC::JSObject::copyButterfly): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138067 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: Icebcfe83d82ace7c3e1db6a979306f604459c5ae Reviewed-by: Jocelyn Turcotte --- Source/JavaScriptCore/heap/CopiedSpace.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'Source/JavaScriptCore/heap/CopiedSpace.cpp') diff --git a/Source/JavaScriptCore/heap/CopiedSpace.cpp b/Source/JavaScriptCore/heap/CopiedSpace.cpp index e4141c1d7..b235de1dd 100644 --- a/Source/JavaScriptCore/heap/CopiedSpace.cpp +++ b/Source/JavaScriptCore/heap/CopiedSpace.cpp @@ -81,7 +81,7 @@ CheckedBoolean CopiedSpace::tryAllocateOversize(size_t bytes, void** outPtr) { ASSERT(isOversize(bytes)); - CopiedBlock* block = CopiedBlock::create(m_heap->blockAllocator().allocateCustomSize(sizeof(CopiedBlock) + bytes, WTF::pageSize())); + CopiedBlock* block = CopiedBlock::create(m_heap->blockAllocator().allocateCustomSize(sizeof(CopiedBlock) + bytes, CopiedBlock::blockSize)); m_oversizeBlocks.push(block); m_blockFilter.add(reinterpret_cast(block)); m_blockSet.add(block); @@ -104,7 +104,7 @@ CheckedBoolean CopiedSpace::tryReallocate(void** ptr, size_t oldSize, size_t new void* oldPtr = *ptr; ASSERT(!m_heap->globalData()->isInitializingObject()); - if (isOversize(oldSize) || isOversize(newSize)) + if (CopiedSpace::blockFor(oldPtr)->isOversize() || isOversize(newSize)) return tryReallocateOversize(ptr, oldSize, newSize); if (m_allocator.tryReallocate(oldPtr, oldSize, newSize)) @@ -135,8 +135,8 @@ CheckedBoolean CopiedSpace::tryReallocateOversize(void** ptr, size_t oldSize, si memcpy(newPtr, oldPtr, oldSize); - if (isOversize(oldSize)) { - CopiedBlock* oldBlock = oversizeBlockFor(oldPtr); + CopiedBlock* oldBlock = CopiedSpace::blockFor(oldPtr); + if (oldBlock->isOversize()) { m_oversizeBlocks.remove(oldBlock); m_blockSet.remove(oldBlock); m_heap->blockAllocator().deallocateCustomSize(CopiedBlock::destroy(oldBlock)); -- cgit v1.2.1