[webkit-reviews] review requested: [Bug 12216] Stack overflow crash in JavaScript garbage collector mark pass : [Attachment 17546] [3/4] Not reviewed.
bugzilla-daemon at webkit.org
Tue Nov 27 00:50:14 PST 2007
Maciej Stachowiak <mjs at apple.com> has asked for review:
Bug 12216: Stack overflow crash in JavaScript garbage collector mark pass
http://bugs.webkit.org/show_bug.cgi?id=12216
Attachment 17546: [3/4] Not reviewed.
http://bugs.webkit.org/attachment.cgi?id=17546&action=edit
------- Additional Comments from Maciej Stachowiak <mjs at apple.com>
- push large PropertyMaps as ranges too
This seems to be a wash on SunSpider.
The high-water mark for the stack on the SunSpider benchmark goes from 1979 to 220.
* kjs/MarkStack.h:
(KJS::RangeTag): Template class to aid tagging both JSValue** and PropertyMap* ranges.
(KJS::MarkStack::getValue): Overloaded helper for newly templatized algorithms.
(KJS::MarkStack::safeToAccess): ditto
(KJS::MarkStack::advanceRangeStartToCellWithRefs): Templatized.
(KJS::MarkStack::pushWholeRange): ditto
(KJS::MarkStack::pushOneItemAndAdvance): ditto
(KJS::MarkStack::advanceUntil126ItemsPushed): ditto
(KJS::MarkStack::pushRange): ditto
(KJS::MarkStack::pop): Handle both kinds of ranges now.
* kjs/property_map.cpp:
(KJS::PropertyMap::markChildren): Use pushRanges.
* kjs/property_map.h:
(KJS::PropertyMapEntry::PropertyMapEntry): Made this public in the header.
---
JavaScriptCore/ChangeLog | 28 ++++++++++
JavaScriptCore/kjs/MarkStack.h | 98 ++++++++++++++++++++++++++---------
JavaScriptCore/kjs/property_map.cpp | 16 +-----
JavaScriptCore/kjs/property_map.h | 13 ++++-
4 files changed, 116 insertions(+), 39 deletions(-)