[Cherry-Pick] IncrementalSweeper should not sweep/free Zapped blocks
https://bugs.webkit.org/show_bug.cgi?id=96464
[Issue#] N_SE-45371
[Problem] Crash after randomly operation on internet
[Solution] GC should not sweep/free Zapped blocks.
[Cherry-Picker] Lee SangGyu <sg5.lee@samsung.com>
Reviewed by Filip Pizlo.
This is not beneficial in terms of performance because there isn't any way a block can emerge in the Zapped state from a call to Heap::collect() unless we run an eager sweep on it, in which case we've already run all the destructors we possibly can. This also causes bugs since we don't take zapped-ness into account when determining whether or not a block is empty to free it. The incremental sweeper can then accidentally free blocks that it thinks are empty but are in fact zapped with still-live objects in them.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::needsSweeping): It is only valid to sweep a block if it is in the Marked state.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128262
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
Change-Id: Ie304b8b475eb4912162853e154f99f824e74a52c
projects / framework / web / webkit-efl.git / commit