<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[179728] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/179728">179728</a></dd>
<dt>Author</dt> <dd>msaboff@apple.com</dd>
<dt>Date</dt> <dd>2015-02-05 17:12:00 -0800 (Thu, 05 Feb 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>CodeCache is not thread safe when adding the same source from two different threads
https://bugs.webkit.org/show_bug.cgi?id=141275
Reviewed by Mark Lam.
The issue for this bug is that one thread, takes a cache miss in CodeCache::getGlobalCodeBlock,
but in the process creates a cache entry with a nullptr UnlinkedCodeBlockType* which it
will fill in later in the function. During the body of that function, it allocates
objects that may garbage collect. During that garbage collection, we drop the all locks.
While the locks are released by the first thread, another thread can enter the VM and might
have exactly the same source and enter CodeCache::getGlobalCodeBlock() itself. When it
looks up the code block, it sees it as a cache it and uses the nullptr UnlinkedCodeBlockType*
and crashes. This fixes the problem by not dropping the locks during garbage collection.
There are other likely scenarios where we have a data structure like this code cache in an
unsafe state for arbitrary reentrance.
Moved the functionality of DelayedReleaseScope directly into Heap. Changed it into
a simple list that is cleared with the new function Heap::releaseDelayedReleasedObjects.
Now we accumulate objects to be released and release them when all locks are dropped or
when destroying the Heap. This eliminated the dropping and reaquiring of locks associated
with the old scope form of this list.
Given that all functionality of DelayedReleaseScope is now used and referenced by Heap
and the lock management no longer needs to be done, just made the list a member of Heap.
We do need to guard against the case that releasing an object can create more objects
by calling into JS. That is why releaseDelayedReleasedObjects() is written to remove
an object to release so that we aren't recursively in Vector code. The other thing we
do in releaseDelayedReleasedObjects() is to guard against recursive calls to itself using
the m_delayedReleaseRecursionCount. We only release at the first entry into the function.
This case is already tested by testapi.mm.
* heap/DelayedReleaseScope.h: Removed file
* API/JSAPIWrapperObject.mm:
* API/ObjCCallbackFunction.mm:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/IncrementalSweeper.cpp:
(JSC::IncrementalSweeper::doSweep):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::tryAllocateHelper):
(JSC::MarkedAllocator::tryAllocate):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::sweep):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::lastChanceToFinalize):
(JSC::MarkedSpace::didFinishIterating):
* heap/MarkedSpace.h:
* heap/Heap.cpp:
(JSC::Heap::collectAllGarbage):
(JSC::Heap::zombifyDeadObjects):
Removed references to DelayedReleaseScope and DelayedReleaseScope.h.
* heap/Heap.cpp:
(JSC::Heap::Heap): Initialized m_delayedReleaseRecursionCount.
(JSC::Heap::lastChanceToFinalize): Call releaseDelayedObjectsNow() as the VM is going away.
(JSC::Heap::releaseDelayedReleasedObjects): New function that released the accumulated
delayed release objects.
* heap/Heap.h:
(JSC::Heap::m_delayedReleaseObjects): List of objects to be released later.
(JSC::Heap::m_delayedReleaseRecursionCount): Counter to indicate that
releaseDelayedReleasedObjects is being called recursively.
* heap/HeapInlines.h:
(JSC::Heap::releaseSoon): Changed location of list to add delayed release objects.
* runtime/JSLock.cpp:
(JSC::JSLock::willReleaseLock):
Call Heap::releaseDelayedObjectsNow() when releasing the lock.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreAPIJSAPIWrapperObjectmm">trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPIObjCCallbackFunctionmm">trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj">trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxprojfilters">trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeapcpp">trunk/Source/JavaScriptCore/heap/Heap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeaph">trunk/Source/JavaScriptCore/heap/Heap.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeapInlinesh">trunk/Source/JavaScriptCore/heap/HeapInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapIncrementalSweepercpp">trunk/Source/JavaScriptCore/heap/IncrementalSweeper.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedAllocatorcpp">trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedBlockcpp">trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedSpacecpp">trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapMarkedSpaceh">trunk/Source/JavaScriptCore/heap/MarkedSpace.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSLockcpp">trunk/Source/JavaScriptCore/runtime/JSLock.cpp</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreheapDelayedReleaseScopeh">trunk/Source/JavaScriptCore/heap/DelayedReleaseScope.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreAPIJSAPIWrapperObjectmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSAPIWrapperObject.h"
</span><span class="cx">
</span><del>-#include "DelayedReleaseScope.h"
</del><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "JSCallbackObject.h"
</span><span class="cx"> #include "JSVirtualMachineInternal.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreAPIObjCCallbackFunctionmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -30,7 +30,6 @@
</span><span class="cx">
</span><span class="cx"> #import "APICallbackFunction.h"
</span><span class="cx"> #import "APICast.h"
</span><del>-#import "DelayedReleaseScope.h"
</del><span class="cx"> #import "Error.h"
</span><span class="cx"> #import "JSCJSValueInlines.h"
</span><span class="cx"> #import "JSCell.h"
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -1,3 +1,77 @@
</span><ins>+2015-02-05 Michael Saboff <msaboff@apple.com>
+
+ CodeCache is not thread safe when adding the same source from two different threads
+ https://bugs.webkit.org/show_bug.cgi?id=141275
+
+ Reviewed by Mark Lam.
+
+ The issue for this bug is that one thread, takes a cache miss in CodeCache::getGlobalCodeBlock,
+ but in the process creates a cache entry with a nullptr UnlinkedCodeBlockType* which it
+ will fill in later in the function. During the body of that function, it allocates
+ objects that may garbage collect. During that garbage collection, we drop the all locks.
+ While the locks are released by the first thread, another thread can enter the VM and might
+ have exactly the same source and enter CodeCache::getGlobalCodeBlock() itself. When it
+ looks up the code block, it sees it as a cache it and uses the nullptr UnlinkedCodeBlockType*
+ and crashes. This fixes the problem by not dropping the locks during garbage collection.
+ There are other likely scenarios where we have a data structure like this code cache in an
+ unsafe state for arbitrary reentrance.
+
+ Moved the functionality of DelayedReleaseScope directly into Heap. Changed it into
+ a simple list that is cleared with the new function Heap::releaseDelayedReleasedObjects.
+ Now we accumulate objects to be released and release them when all locks are dropped or
+ when destroying the Heap. This eliminated the dropping and reaquiring of locks associated
+ with the old scope form of this list.
+
+ Given that all functionality of DelayedReleaseScope is now used and referenced by Heap
+ and the lock management no longer needs to be done, just made the list a member of Heap.
+ We do need to guard against the case that releasing an object can create more objects
+ by calling into JS. That is why releaseDelayedReleasedObjects() is written to remove
+ an object to release so that we aren't recursively in Vector code. The other thing we
+ do in releaseDelayedReleasedObjects() is to guard against recursive calls to itself using
+ the m_delayedReleaseRecursionCount. We only release at the first entry into the function.
+ This case is already tested by testapi.mm.
+
+ * heap/DelayedReleaseScope.h: Removed file
+
+ * API/JSAPIWrapperObject.mm:
+ * API/ObjCCallbackFunction.mm:
+ * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+ * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/IncrementalSweeper.cpp:
+ (JSC::IncrementalSweeper::doSweep):
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::tryAllocateHelper):
+ (JSC::MarkedAllocator::tryAllocate):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::sweep):
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::lastChanceToFinalize):
+ (JSC::MarkedSpace::didFinishIterating):
+ * heap/MarkedSpace.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::zombifyDeadObjects):
+ Removed references to DelayedReleaseScope and DelayedReleaseScope.h.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap): Initialized m_delayedReleaseRecursionCount.
+ (JSC::Heap::lastChanceToFinalize): Call releaseDelayedObjectsNow() as the VM is going away.
+ (JSC::Heap::releaseDelayedReleasedObjects): New function that released the accumulated
+ delayed release objects.
+
+ * heap/Heap.h:
+ (JSC::Heap::m_delayedReleaseObjects): List of objects to be released later.
+ (JSC::Heap::m_delayedReleaseRecursionCount): Counter to indicate that
+ releaseDelayedReleasedObjects is being called recursively.
+ * heap/HeapInlines.h:
+ (JSC::Heap::releaseSoon): Changed location of list to add delayed release objects.
+
+ * runtime/JSLock.cpp:
+ (JSC::JSLock::willReleaseLock):
+ Call Heap::releaseDelayedObjectsNow() when releasing the lock.
+
</ins><span class="cx"> 2015-02-05 Youenn Fablet <youenn.fablet@crf.canon.fr> and Xabier Rodriguez Calvar <calvaris@igalia.com>
</span><span class="cx">
</span><span class="cx"> [Streams API] Implement a barebone ReadableStream interface
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -1230,7 +1230,6 @@
</span><span class="cx"> <ClInclude Include="..\heap\CopyWorkList.h" />
</span><span class="cx"> <ClInclude Include="..\heap\CopyWriteBarrier.h" />
</span><span class="cx"> <ClInclude Include="..\heap\DeferGC.h" />
</span><del>- <ClInclude Include="..\heap\DelayedReleaseScope.h" />
</del><span class="cx"> <ClInclude Include="..\heap\EdenGCActivityCallback.h" />
</span><span class="cx"> <ClInclude Include="..\heap\FullGCActivityCallback.h" />
</span><span class="cx"> <ClInclude Include="..\heap\GCActivityCallback.h" />
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxprojfilters"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -3768,9 +3768,6 @@
</span><span class="cx"> <ClInclude Include="..\runtime\StackAlignment.h">
</span><span class="cx"> <Filter>runtime</Filter>
</span><span class="cx"> </ClInclude>
</span><del>- <ClInclude Include="..\heap\DelayedReleaseScope.h">
- <Filter>heap</Filter>
- </ClInclude>
</del><span class="cx"> <ClInclude Include="..\bytecode\VariableWatchpointSet.h">
</span><span class="cx"> <Filter>bytecode</Filter>
</span><span class="cx"> </ClInclude>
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -864,7 +864,6 @@
</span><span class="cx"> 2A05ABD61961DF2400341750 /* JSPropertyNameEnumerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A05ABD41961DF2400341750 /* JSPropertyNameEnumerator.h */; };
</span><span class="cx"> 2A111245192FCE79005EE18D /* CustomGetterSetter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A111243192FCE79005EE18D /* CustomGetterSetter.cpp */; };
</span><span class="cx"> 2A111246192FCE79005EE18D /* CustomGetterSetter.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A111244192FCE79005EE18D /* CustomGetterSetter.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>- 2A2825D018341F2D0087FBA9 /* DelayedReleaseScope.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A2825CF18341F2D0087FBA9 /* DelayedReleaseScope.h */; };
</del><span class="cx"> 2A48D1911772365B00C65A5F /* APICallbackFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = C211B574176A224D000E2A23 /* APICallbackFunction.h */; };
</span><span class="cx"> 2A4BB7F318A41179008A0FCD /* JSManagedValueInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4BB7F218A41179008A0FCD /* JSManagedValueInternal.h */; };
</span><span class="cx"> 2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */; };
</span><span class="lines">@@ -2499,7 +2498,6 @@
</span><span class="cx"> 2A05ABD41961DF2400341750 /* JSPropertyNameEnumerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSPropertyNameEnumerator.h; sourceTree = "<group>"; };
</span><span class="cx"> 2A111243192FCE79005EE18D /* CustomGetterSetter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CustomGetterSetter.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 2A111244192FCE79005EE18D /* CustomGetterSetter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CustomGetterSetter.h; sourceTree = "<group>"; };
</span><del>- 2A2825CF18341F2D0087FBA9 /* DelayedReleaseScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DelayedReleaseScope.h; sourceTree = "<group>"; };
</del><span class="cx"> 2A343F7418A1748B0039B085 /* GCSegmentedArray.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCSegmentedArray.h; sourceTree = "<group>"; };
</span><span class="cx"> 2A343F7718A1749D0039B085 /* GCSegmentedArrayInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCSegmentedArrayInlines.h; sourceTree = "<group>"; };
</span><span class="cx"> 2A4BB7F218A41179008A0FCD /* JSManagedValueInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSManagedValueInternal.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -3848,7 +3846,6 @@
</span><span class="cx"> 2A68295A1875F80500B6C3E2 /* CopyWriteBarrier.h */,
</span><span class="cx"> 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */,
</span><span class="cx"> 0F136D4B174AD69B0075B354 /* DeferGC.h */,
</span><del>- 2A2825CF18341F2D0087FBA9 /* DelayedReleaseScope.h */,
</del><span class="cx"> BCBE2CAD14E985AA000593AD /* GCAssertions.h */,
</span><span class="cx"> 0F2B66A817B6B53D00A7AE3F /* GCIncomingRefCounted.h */,
</span><span class="cx"> 0F2B66A917B6B53D00A7AE3F /* GCIncomingRefCountedInlines.h */,
</span><span class="lines">@@ -5535,7 +5532,6 @@
</span><span class="cx"> FEA08621182B7A0400F6D851 /* DebuggerPrimitives.h in Headers */,
</span><span class="cx"> 0F136D4D174AD69E0075B354 /* DeferGC.h in Headers */,
</span><span class="cx"> 0FC712DF17CD877C008CC93C /* DeferredCompilationCallback.h in Headers */,
</span><del>- 2A2825D018341F2D0087FBA9 /* DelayedReleaseScope.h in Headers */,
</del><span class="cx"> A77A423E17A0BBFD00A8DB81 /* DFGAbstractHeap.h in Headers */,
</span><span class="cx"> A5EA70E819F5B1010098F5EC /* AugmentableInspectorControllerClient.h in Headers */,
</span><span class="cx"> A704D90317A0BAA8006BA554 /* DFGAbstractInterpreter.h in Headers */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapDelayedReleaseScopeh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/DelayedReleaseScope.h (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/DelayedReleaseScope.h 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/DelayedReleaseScope.h 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -1,103 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef DelayedReleaseScope_h
-#define DelayedReleaseScope_h
-
-#include "Heap.h"
-#include "JSLock.h"
-#include "MarkedSpace.h"
-
-namespace JSC {
-
-#if USE(CF)
-
-class DelayedReleaseScope {
-public:
- DelayedReleaseScope(MarkedSpace& markedSpace)
- : m_markedSpace(markedSpace)
- {
- ASSERT(!m_markedSpace.m_currentDelayedReleaseScope);
- m_markedSpace.m_currentDelayedReleaseScope = this;
- }
-
- ~DelayedReleaseScope()
- {
- ASSERT(m_markedSpace.m_currentDelayedReleaseScope == this);
- m_markedSpace.m_currentDelayedReleaseScope = nullptr;
-
- HeapOperation operationInProgress = NoOperation;
- std::swap(operationInProgress, m_markedSpace.m_heap->m_operationInProgress);
-
- {
- JSLock::DropAllLocks dropAllLocks(*m_markedSpace.m_heap->vm());
- m_delayedReleaseObjects.clear();
- }
-
- std::swap(operationInProgress, m_markedSpace.m_heap->m_operationInProgress);
- }
-
- template <typename T>
- void releaseSoon(RetainPtr<T>&& object)
- {
- m_delayedReleaseObjects.append(WTF::move(object));
- }
-
- static bool isInEffectFor(MarkedSpace& markedSpace)
- {
- return markedSpace.m_currentDelayedReleaseScope;
- }
-
-private:
- MarkedSpace& m_markedSpace;
- Vector<RetainPtr<CFTypeRef>> m_delayedReleaseObjects;
-};
-
-template <typename T>
-inline void MarkedSpace::releaseSoon(RetainPtr<T>&& object)
-{
- ASSERT(m_currentDelayedReleaseScope);
- m_currentDelayedReleaseScope->releaseSoon(WTF::move(object));
-}
-
-#else // USE(CF)
-
-class DelayedReleaseScope {
-public:
- DelayedReleaseScope(MarkedSpace&)
- {
- }
-
- static bool isInEffectFor(MarkedSpace&)
- {
- return true;
- }
-};
-
-#endif // USE(CF)
-
-} // namespace JSC
-
-#endif // DelayedReleaseScope_h
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.cpp (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.cpp 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/Heap.cpp 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -27,7 +27,6 @@
</span><span class="cx"> #include "CopiedSpaceInlines.h"
</span><span class="cx"> #include "CopyVisitorInlines.h"
</span><span class="cx"> #include "DFGWorklist.h"
</span><del>-#include "DelayedReleaseScope.h"
</del><span class="cx"> #include "EdenGCActivityCallback.h"
</span><span class="cx"> #include "FullGCActivityCallback.h"
</span><span class="cx"> #include "GCActivityCallback.h"
</span><span class="lines">@@ -337,6 +336,9 @@
</span><span class="cx"> , m_sweeper(std::make_unique<IncrementalSweeper>(this->vm()))
</span><span class="cx"> #endif
</span><span class="cx"> , m_deferralDepth(0)
</span><ins>+#if USE(CF)
+ , m_delayedReleaseRecursionCount(0)
+#endif
</ins><span class="cx"> {
</span><span class="cx"> m_storageSpace.init();
</span><span class="cx"> if (Options::verifyHeap())
</span><span class="lines">@@ -360,8 +362,22 @@
</span><span class="cx"> RELEASE_ASSERT(m_operationInProgress == NoOperation);
</span><span class="cx">
</span><span class="cx"> m_objectSpace.lastChanceToFinalize();
</span><ins>+ releaseDelayedReleasedObjects();
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+void Heap::releaseDelayedReleasedObjects()
+{
+#if USE(CF)
+ if (!m_delayedReleaseRecursionCount++) {
+ while (!m_delayedReleaseObjects.isEmpty()) {
+ RetainPtr<CFTypeRef> objectToRelease = m_delayedReleaseObjects.takeLast();
+ objectToRelease.clear();
+ }
+ }
+ m_delayedReleaseRecursionCount--;
+#endif
+}
+
</ins><span class="cx"> void Heap::reportExtraMemoryCostSlowCase(size_t cost)
</span><span class="cx"> {
</span><span class="cx"> // Our frequency of garbage collection tries to balance memory use against speed
</span><span class="lines">@@ -966,7 +982,6 @@
</span><span class="cx"> collect(FullCollection);
</span><span class="cx">
</span><span class="cx"> SamplingRegion samplingRegion("Garbage Collection: Sweeping");
</span><del>- DelayedReleaseScope delayedReleaseScope(m_objectSpace);
</del><span class="cx"> m_objectSpace.sweep();
</span><span class="cx"> m_objectSpace.shrink();
</span><span class="cx"> }
</span><span class="lines">@@ -1378,7 +1393,6 @@
</span><span class="cx"> // Sweep now because destructors will crash once we're zombified.
</span><span class="cx"> {
</span><span class="cx"> SamplingRegion samplingRegion("Garbage Collection: Sweeping");
</span><del>- DelayedReleaseScope delayedReleaseScope(m_objectSpace);
</del><span class="cx"> m_objectSpace.zombifySweep();
</span><span class="cx"> }
</span><span class="cx"> HeapIterationScope iterationScope(*this);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeaph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.h (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.h 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/Heap.h 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -115,6 +115,7 @@
</span><span class="cx"> Heap(VM*, HeapType);
</span><span class="cx"> ~Heap();
</span><span class="cx"> JS_EXPORT_PRIVATE void lastChanceToFinalize();
</span><ins>+ void releaseDelayedReleasedObjects();
</ins><span class="cx">
</span><span class="cx"> VM* vm() const { return m_vm; }
</span><span class="cx"> MarkedSpace& objectSpace() { return m_objectSpace; }
</span><span class="lines">@@ -231,7 +232,6 @@
</span><span class="cx"> friend class CopiedBlock;
</span><span class="cx"> friend class DeferGC;
</span><span class="cx"> friend class DeferGCForAWhile;
</span><del>- friend class DelayedReleaseScope;
</del><span class="cx"> friend class GCAwareJITStubRoutine;
</span><span class="cx"> friend class GCLogging;
</span><span class="cx"> friend class HandleSet;
</span><span class="lines">@@ -387,6 +387,10 @@
</span><span class="cx"> Vector<DFG::Worklist*> m_suspendedCompilerWorklists;
</span><span class="cx">
</span><span class="cx"> std::unique_ptr<HeapVerifier> m_verifier;
</span><ins>+#if USE(CF)
+ Vector<RetainPtr<CFTypeRef>> m_delayedReleaseObjects;
+ unsigned m_delayedReleaseRecursionCount;
+#endif
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/HeapInlines.h (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/HeapInlines.h 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/HeapInlines.h 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -249,7 +249,7 @@
</span><span class="cx"> template <typename T>
</span><span class="cx"> inline void Heap::releaseSoon(RetainPtr<T>&& object)
</span><span class="cx"> {
</span><del>- m_objectSpace.releaseSoon(WTF::move(object));
</del><ins>+ m_delayedReleaseObjects.append(WTF::move(object));
</ins><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapIncrementalSweepercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/IncrementalSweeper.cpp (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/IncrementalSweeper.cpp 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/IncrementalSweeper.cpp 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "IncrementalSweeper.h"
</span><span class="cx">
</span><del>-#include "DelayedReleaseScope.h"
</del><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "JSString.h"
</span><span class="lines">@@ -68,7 +67,6 @@
</span><span class="cx">
</span><span class="cx"> void IncrementalSweeper::doSweep(double sweepBeginTime)
</span><span class="cx"> {
</span><del>- DelayedReleaseScope scope(m_vm->heap.m_objectSpace);
</del><span class="cx"> while (m_currentBlockToSweepIndex < m_blocksToSweep.size()) {
</span><span class="cx"> sweepNextBlock();
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedAllocatorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "MarkedAllocator.h"
</span><span class="cx">
</span><del>-#include "DelayedReleaseScope.h"
</del><span class="cx"> #include "GCActivityCallback.h"
</span><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "IncrementalSweeper.h"
</span><span class="lines">@@ -62,47 +61,41 @@
</span><span class="cx">
</span><span class="cx"> inline void* MarkedAllocator::tryAllocateHelper(size_t bytes)
</span><span class="cx"> {
</span><del>- // We need a while loop to check the free list because the DelayedReleaseScope
- // could cause arbitrary code to execute and exhaust the free list that we
- // thought had elements in it.
- while (!m_freeList.head) {
- DelayedReleaseScope delayedReleaseScope(*m_markedSpace);
- if (m_currentBlock) {
- ASSERT(m_currentBlock == m_nextBlockToSweep);
- m_currentBlock->didConsumeFreeList();
- m_nextBlockToSweep = m_currentBlock->next();
- }
</del><ins>+ if (m_currentBlock) {
+ ASSERT(m_currentBlock == m_nextBlockToSweep);
+ m_currentBlock->didConsumeFreeList();
+ m_nextBlockToSweep = m_currentBlock->next();
+ }
</ins><span class="cx">
</span><del>- MarkedBlock* next;
- for (MarkedBlock*& block = m_nextBlockToSweep; block; block = next) {
- next = block->next();
</del><ins>+ MarkedBlock* next;
+ for (MarkedBlock*& block = m_nextBlockToSweep; block; block = next) {
+ next = block->next();
</ins><span class="cx">
</span><del>- MarkedBlock::FreeList freeList = block->sweep(MarkedBlock::SweepToFreeList);
-
- double utilization = ((double)MarkedBlock::blockSize - (double)freeList.bytes) / (double)MarkedBlock::blockSize;
- if (utilization >= Options::minMarkedBlockUtilization()) {
- ASSERT(freeList.bytes || !freeList.head);
- m_blockList.remove(block);
- m_retiredBlocks.push(block);
- block->didRetireBlock(freeList);
- continue;
- }
-
- if (bytes > block->cellSize()) {
- block->stopAllocating(freeList);
- continue;
- }
-
- m_currentBlock = block;
- m_freeList = freeList;
- break;
- }
</del><ins>+ MarkedBlock::FreeList freeList = block->sweep(MarkedBlock::SweepToFreeList);
</ins><span class="cx">
</span><del>- if (!m_freeList.head) {
- m_currentBlock = 0;
- return 0;
</del><ins>+ double utilization = ((double)MarkedBlock::blockSize - (double)freeList.bytes) / (double)MarkedBlock::blockSize;
+ if (utilization >= Options::minMarkedBlockUtilization()) {
+ ASSERT(freeList.bytes || !freeList.head);
+ m_blockList.remove(block);
+ m_retiredBlocks.push(block);
+ block->didRetireBlock(freeList);
+ continue;
</ins><span class="cx"> }
</span><ins>+
+ if (bytes > block->cellSize()) {
+ block->stopAllocating(freeList);
+ continue;
+ }
+
+ m_currentBlock = block;
+ m_freeList = freeList;
+ break;
</ins><span class="cx"> }
</span><ins>+
+ if (!m_freeList.head) {
+ m_currentBlock = 0;
+ return 0;
+ }
</ins><span class="cx">
</span><span class="cx"> ASSERT(m_freeList.head);
</span><span class="cx"> void* head = tryPopFreeList(bytes);
</span><span class="lines">@@ -128,17 +121,6 @@
</span><span class="cx"> m_heap->m_operationInProgress = Allocation;
</span><span class="cx"> void* result = tryAllocateHelper(bytes);
</span><span class="cx">
</span><del>- // Due to the DelayedReleaseScope in tryAllocateHelper, some other thread might have
- // created a new block after we thought we didn't find any free cells.
- while (!result && m_currentBlock) {
- // A new block was added by another thread so try popping the free list.
- result = tryPopFreeList(bytes);
- if (result)
- break;
- // The free list was empty, so call tryAllocateHelper to do the normal sweeping stuff.
- result = tryAllocateHelper(bytes);
- }
-
</del><span class="cx"> m_heap->m_operationInProgress = NoOperation;
</span><span class="cx"> ASSERT(result || !m_currentBlock);
</span><span class="cx"> return result;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "MarkedBlock.h"
</span><span class="cx">
</span><del>-#include "DelayedReleaseScope.h"
</del><span class="cx"> #include "IncrementalSweeper.h"
</span><span class="cx"> #include "JSCell.h"
</span><span class="cx"> #include "JSDestructibleObject.h"
</span><span class="lines">@@ -110,7 +109,6 @@
</span><span class="cx">
</span><span class="cx"> MarkedBlock::FreeList MarkedBlock::sweep(SweepMode sweepMode)
</span><span class="cx"> {
</span><del>- ASSERT(DelayedReleaseScope::isInEffectFor(heap()->m_objectSpace));
</del><span class="cx"> HEAP_LOG_BLOCK_STATE_TRANSITION(this);
</span><span class="cx">
</span><span class="cx"> m_weakSet.sweep();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedSpacecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -21,7 +21,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "MarkedSpace.h"
</span><span class="cx">
</span><del>-#include "DelayedReleaseScope.h"
</del><span class="cx"> #include "IncrementalSweeper.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSLock.h"
</span><span class="lines">@@ -82,7 +81,6 @@
</span><span class="cx"> : m_heap(heap)
</span><span class="cx"> , m_capacity(0)
</span><span class="cx"> , m_isIterating(false)
</span><del>- , m_currentDelayedReleaseScope(nullptr)
</del><span class="cx"> {
</span><span class="cx"> for (size_t cellSize = preciseStep; cellSize <= preciseCutoff; cellSize += preciseStep) {
</span><span class="cx"> allocatorFor(cellSize).init(heap, this, cellSize, MarkedBlock::None);
</span><span class="lines">@@ -114,7 +112,6 @@
</span><span class="cx">
</span><span class="cx"> void MarkedSpace::lastChanceToFinalize()
</span><span class="cx"> {
</span><del>- DelayedReleaseScope delayedReleaseScope(*this);
</del><span class="cx"> stopAllocating();
</span><span class="cx"> forEachAllocator<LastChanceToFinalize>();
</span><span class="cx"> }
</span><span class="lines">@@ -362,7 +359,6 @@
</span><span class="cx"> void MarkedSpace::didFinishIterating()
</span><span class="cx"> {
</span><span class="cx"> ASSERT(isIterating());
</span><del>- DelayedReleaseScope scope(*this);
</del><span class="cx"> resumeAllocating();
</span><span class="cx"> m_isIterating = false;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapMarkedSpaceh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/MarkedSpace.h (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/MarkedSpace.h 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/heap/MarkedSpace.h 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -36,7 +36,6 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-class DelayedReleaseScope;
</del><span class="cx"> class Heap;
</span><span class="cx"> class HeapIterationScope;
</span><span class="cx"> class JSCell;
</span><span class="lines">@@ -161,7 +160,6 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- friend class DelayedReleaseScope;
</del><span class="cx"> friend class LLIntOffsetsExtractor;
</span><span class="cx"> friend class JIT;
</span><span class="cx">
</span><span class="lines">@@ -177,8 +175,6 @@
</span><span class="cx"> bool m_isIterating;
</span><span class="cx"> MarkedBlockSet m_blocks;
</span><span class="cx"> Vector<MarkedBlock*> m_blocksWithNewObjects;
</span><del>-
- DelayedReleaseScope* m_currentDelayedReleaseScope;
</del><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> template<typename Functor> inline typename Functor::ReturnType MarkedSpace::forEachLiveCell(HeapIterationScope&, Functor& functor)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSLockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSLock.cpp (179727 => 179728)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSLock.cpp 2015-02-06 01:07:51 UTC (rev 179727)
+++ trunk/Source/JavaScriptCore/runtime/JSLock.cpp 2015-02-06 01:12:00 UTC (rev 179728)
</span><span class="lines">@@ -171,8 +171,10 @@
</span><span class="cx">
</span><span class="cx"> void JSLock::willReleaseLock()
</span><span class="cx"> {
</span><del>- if (m_vm)
</del><ins>+ if (m_vm) {
+ m_vm->heap.releaseDelayedReleasedObjects();
</ins><span class="cx"> m_vm->setStackPointerAtVMEntry(nullptr);
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> if (m_entryAtomicStringTable) {
</span><span class="cx"> wtfThreadData().setCurrentAtomicStringTable(m_entryAtomicStringTable);
</span></span></pre>
</div>
</div>
</body>
</html>