WebKit Bugzilla
Attachment 370283 Details for Bug 198023: [JSC] UnlinkedCodeBlock should be eventually jettisoned in VM mini mode
Patch: bug-198023-20190520170032.patch (text/plain), 4.17 KB, created by Yusuke Suzuki on 2019-05-20 17:00:33 PDT
>Subversion Revision: 245533 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index aef85d901c13f7361c4dcdeaf4881b9adf958f8b..a7978a0d31a9139d098e9d302226b961d92f4d9e 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,17 @@ >+2019-05-20 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] UnlinkedCodeBlock should be eventually jettisoned too or cached >+ https://bugs.webkit.org/show_bug.cgi?id=198023 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * bytecode/UnlinkedFunctionExecutable.cpp: >+ (JSC::UnlinkedFunctionExecutable::visitChildren): >+ (JSC::UnlinkedFunctionExecutable::finalizeUnconditionally): >+ * bytecode/UnlinkedFunctionExecutable.h: >+ * heap/Heap.cpp: >+ (JSC::Heap::finalizeUnconditionalFinalizers): >+ > 2019-05-20 Carlos Garcia Campos <cgarcia@igalia.com> > > [GLIB] Crash when instantiating a js object registered with jsc_context_register_class on window object cleared >diff --git a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp >index 14a069c5e07608d309182293656eb2187fd97fd6..937f74334343c535981e0a1f89af78784b91833f 100644 >--- a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp >+++ b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp >@@ -142,10 +142,6 @@ void UnlinkedFunctionExecutable::visitChildren(JSCell* cell, SlotVisitor& visito > UnlinkedFunctionExecutable* thisObject = jsCast<UnlinkedFunctionExecutable*>(cell); > ASSERT_GC_OBJECT_INHERITS(thisObject, info()); > Base::visitChildren(thisObject, visitor); >- if (!thisObject->m_isCached) { >- visitor.append(thisObject->m_unlinkedCodeBlockForCall); >- visitor.append(thisObject->m_unlinkedCodeBlockForConstruct); >- } > } > > SourceCode UnlinkedFunctionExecutable::linkedSourceCode(const SourceCode& passedParentSource) const 
>@@ -284,4 +280,14 @@ void UnlinkedFunctionExecutable::setInvalidTypeProfilingOffsets() > m_typeProfilingEndOffset = std::numeric_limits<unsigned>::max(); > } > >+void UnlinkedFunctionExecutable::finalizeUnconditionally(VM& vm) >+{ >+ if (!m_isCached) { >+ if (m_unlinkedCodeBlockForCall && !vm.heap.isMarked(m_unlinkedCodeBlockForCall.get())) >+ m_unlinkedCodeBlockForCall.clear(); >+ if (m_unlinkedCodeBlockForConstruct && !vm.heap.isMarked(m_unlinkedCodeBlockForConstruct.get())) >+ m_unlinkedCodeBlockForConstruct.clear(); >+ } >+} >+ > } // namespace JSC >diff --git a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >index 0c7f89cd4eb024fcf80d78836c3f43c0a7cd23c3..bc9720744391f903a3e30be76a90716b2effe9de 100644 >--- a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >+++ b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >@@ -198,6 +198,8 @@ class UnlinkedFunctionExecutable final : public JSCell { > CompactVariableMap::Handle m_parentScopeTDZVariables; > }; > >+ void finalizeUnconditionally(VM&); >+ > private: > UnlinkedFunctionExecutable(VM*, Structure*, const SourceCode&, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, JSParserScriptMode, Optional<CompactVariableMap::Handle>, JSC::DerivedContextType, bool isBuiltinDefaultClassConstructor); > UnlinkedFunctionExecutable(Decoder&, const CachedFunctionExecutable&); >diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp >index 987f9f854aa2254f52caa616542951889e094b4d..78845dcefcf3d21c3d819ce275a5e470a71228e0 100644 >--- a/Source/JavaScriptCore/heap/Heap.cpp >+++ b/Source/JavaScriptCore/heap/Heap.cpp 
>@@ -596,6 +596,7 @@ void Heap::finalizeUnconditionalFinalizers() > }); > finalizeMarkedUnconditionalFinalizers<ExecutableToCodeBlockEdge>(vm()->executableToCodeBlockEdgesWithFinalizers); > finalizeMarkedUnconditionalFinalizers<StructureRareData>(vm()->structureRareDataSpace); >+ finalizeMarkedUnconditionalFinalizers<UnlinkedFunctionExecutable>(vm()->unlinkedFunctionExecutableSpace.space); > if (vm()->m_weakSetSpace) > finalizeMarkedUnconditionalFinalizers<JSWeakSet>(*vm()->m_weakSetSpace); > if (vm()->m_weakMapSpace)
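Review bot: The entry added to Source/JavaScriptCore/ChangeLog has a title and a file list but no description of the change, and its title ("should be eventually jettisoned too or cached") does not match the bug title ("should be eventually jettisoned in VM mini mode"). Add a paragraph saying that the two unlinked code block references stop being marked and are cleared by a finalizer, state under what condition that is meant to happen, and make the two titles agree.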
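Review bot: In the visitChildren hunk of UnlinkedFunctionExecutable.cpp, dropping both visitor.append calls for the !m_isCached case makes m_unlinkedCodeBlockForCall and m_unlinkedCodeBlockForConstruct weak with no condition attached, so a code block that nothing else marks is gone at the first collection rather than "eventually", and the "VM mini mode" restriction from the bug title appears nowhere in the patch. Either keep the appends unless the intended condition holds, or say explicitly that unconditional weakness is the goal. A short comment at this spot noting that the fields are deliberately left unvisited and are cleared in finalizeUnconditionally would keep a later change from treating them as strong references.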
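Review bot: In the new UnlinkedFunctionExecutable::finalizeUnconditionally, the m_isCached case is skipped without any comment on what the two fields hold in that state or why they need no clearing. Please document that, since this function is now the only thing that stops the fields from pointing at swept cells. As a style point, an early return on m_isCached would remove one nesting level, and the two identical "non-null and not marked, then clear()" checks could share a small local helper.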
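Review bot: In the Heap::finalizeUnconditionalFinalizers hunk, the new call walks only vm()->unlinkedFunctionExecutableSpace.space, and because visitChildren no longer marks the code blocks, any UnlinkedFunctionExecutable this walk does not reach would keep a pointer to a swept UnlinkedCodeBlock. Please confirm that every UnlinkedFunctionExecutable is allocated in that space and note it next to the call. The patch touches four files and none is a test, so add one that forces a full collection and then both calls and constructs a function whose unlinked code block was dropped. Also note that the neighbouring ExecutableToCodeBlockEdge line iterates a dedicated executableToCodeBlockEdgesWithFinalizers set while this one visits the whole space on every collection; say whether that cost was measured.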