https://bugs.webkit.org/show_bug.cgi?id=96464
[Issue#] N_SE-45371
[Problem] Crash after randomly operation on internet
[Solution] GC should not sweep/free Zapped blocks.
[Cherry-Picker] Lee SangGyu <sg5.lee@samsung.com>
Reviewed by Filip Pizlo.
This is not beneficial in terms of performance because there isn't any way a block can emerge in the Zapped state from a call to Heap::collect() unless we run an eager sweep on it, in which case we've already run all the destructors we possibly can. This also causes bugs since we don't take zapped-ness into account when determining whether or not a block is empty to free it. The incremental sweeper can then accidentally free blocks that it thinks are empty but are in fact zapped with still-live objects in them.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::needsSweeping): It is only valid to sweep a block if it is in the Marked state.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128262 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Change-Id: Ie304b8b475eb4912162853e154f99f824e74a52c
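The failure the commit message describes (a sweep predicate that admits a block state the emptiness test does not understand) can be reproduced in a small model. The code below is an added example, not JSC's MarkedBlock or IncrementalSweeper code: the state set, the assumption that an eager sweep consumes the mark bits, and the "no marked cells means empty" test are simplifications chosen to make the mechanism visible, and the function names are the model's own.

```cpp
// Toy model of the bug class described in the commit message: a sweep predicate
// admits a block state that the emptiness test does not understand. This is an
// added example, not JSC code; the state set, the "eager sweep clears mark bits"
// behaviour and the emptiness test are simplifying assumptions of the model.
#include <cstddef>
#include <cstdio>
#include <vector>

enum class BlockState { New, FreeListed, Allocated, Marked, Zapped };

struct Cell {
    bool live = false;    // the mutator still references this object
    bool marked = false;  // set by the marking phase
    bool zapped = false;  // destructor already run, memory poisoned
};

struct Block {
    BlockState state = BlockState::New;
    std::vector<Cell> cells;
};

// Marking phase: mark bits mirror liveness and the block becomes Marked.
void markBlock(Block& b) {
    for (Cell& c : b.cells) c.marked = c.live;
    b.state = BlockState::Marked;
}

// Eager sweep: run destructors on (zap) unmarked cells. In this model it also
// consumes the mark bits (assumption), leaving a Zapped block whose live
// objects are no longer distinguishable by mark bit alone.
void eagerSweep(Block& b) {
    for (Cell& c : b.cells) {
        if (!c.marked) c.zapped = true;
        c.marked = false;
    }
    b.state = BlockState::Zapped;
}

// Emptiness as the incremental sweeper judges it: no marked cells. It does not
// consult the block state, which is the gap the commit message points at.
bool looksEmpty(const Block& b) {
    for (const Cell& c : b.cells)
        if (c.marked) return false;
    return true;
}

// The predicate before and after the patch.
bool needsSweepingBefore(const Block& b) { return b.state == BlockState::Marked || b.state == BlockState::Zapped; }
bool needsSweepingAfter(const Block& b)  { return b.state == BlockState::Marked; }

// One incremental sweeper step. Returns true if the block was freed outright.
bool incrementalSweep(Block& b, bool (*needsSweeping)(const Block&)) {
    if (!needsSweeping(b)) return false;
    if (looksEmpty(b)) {
        b.cells.clear();                 // block handed back to the allocator
        b.state = BlockState::New;
        return true;
    }
    for (Cell& c : b.cells)
        if (!c.marked) c.zapped = true;  // normal sweep of a Marked block
    b.state = BlockState::FreeListed;
    return false;
}

size_t liveCells(const Block& b) {
    size_t n = 0;
    for (const Cell& c : b.cells) n += c.live ? 1 : 0;
    return n;
}

// Scenario from the commit message: collect, eager sweep (block becomes Zapped),
// then the incremental sweeper visits the block. Returns true if live objects
// were freed along with the block.
bool zappedBlockWithLiveObjectsIsFreed(bool (*needsSweeping)(const Block&)) {
    Block b;
    b.cells.resize(4);
    b.cells[0].live = true;   // two of four objects are still reachable
    b.cells[2].live = true;
    b.state = BlockState::Allocated;
    markBlock(b);
    eagerSweep(b);
    size_t liveBefore = liveCells(b);
    bool freed = incrementalSweep(b, needsSweeping);
    return freed && liveBefore > 0;
}

// Sanity check: a Marked block that still holds live objects is swept in place
// (dead cells zapped) but not freed, under either predicate.
bool markedBlockIsSweptInPlace(bool (*needsSweeping)(const Block&)) {
    Block b;
    b.cells.resize(2);
    b.cells[1].live = true;
    markBlock(b);
    bool freed = incrementalSweep(b, needsSweeping);
    return !freed && b.cells[0].zapped && !b.cells[1].zapped && b.state == BlockState::FreeListed;
}

int main() {
    std::printf("before patch: live objects freed = %d\n", zappedBlockWithLiveObjectsIsFreed(needsSweepingBefore));
    std::printf("after patch:  live objects freed = %d\n", zappedBlockWithLiveObjectsIsFreed(needsSweepingAfter));
    return 0;
}
```

With the pre-patch predicate the Zapped block passes needsSweeping, looksEmpty sees no mark bits and the block is freed with two live objects in it; with the post-patch predicate the Zapped block is simply skipped. The Marked-block check shows the patch does not change ordinary sweeping.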
+2012-09-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ IncrementalSweeper should not sweep/free Zapped blocks
+ https://bugs.webkit.org/show_bug.cgi?id=96464
+
+ Reviewed by Filip Pizlo.
+
+ This is not beneficial in terms of performance because there isn't any way a block can emerge
+ in the Zapped state from a call to Heap::collect() unless we run an eager sweep on it, in which
+ case we've already run all the destructors we possibly can. This also causes bugs since we don't
+ take zapped-ness into account when determining whether or not a block is empty to free it. The
+ incremental sweeper can then accidentally free blocks that it thinks are empty but are in fact
+ zapped with still-live objects in them.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::needsSweeping): It is only valid to sweep a block if it is in the Marked state.
+
2013-03-11 Oliver Hunt <oliver@apple.com>
Make SegmentedVector Noncopyable
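Review bot: the new ChangeLog entry is dated 2012-09-11 but is inserted above the 2013-03-11 "Make SegmentedVector Noncopyable" entry, so the file is no longer in reverse chronological order. For a cherry-pick of an older upstream change, either place the entry below the 2013 entries it predates or date it to the cherry-pick so the ordering stays consistent for whoever reads the ChangeLog later.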
inline bool MarkedBlock::needsSweeping()
{
- return m_state == Marked || m_state == Zapped;
+ return m_state == Marked;
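Review bot: the new body `return m_state == Marked;` drops Zapped without a comment saying why, and the reason is not obvious from the function alone. Since the commit message says a Zapped block has already been eagerly swept and can still hold live objects that the emptiness check will not see, a one-line comment above the return (for example: "Zapped blocks have already been swept eagerly; sweeping them again can free live objects") would keep the next reader from re-adding the state. It is also worth confirming that every path in the incremental sweeper that can free a block is gated on needsSweeping(), because this predicate is the only thing the hunk changes and the emptiness test itself is left as is.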