[Webkit-unassigned] [Bug 12535] Stack-optimizing compilers can trick GC into freeing in-use objects

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 1 16:07:38 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=12535





------- Comment #6 from ian.eng.webkit at gmail.com  2007-02-01 16:07 PDT -------
(In reply to comment #5)
> (In reply to comment #3)
> 
> I don't think pointers in the (non-GC) heap are a consideration. You already
> have to protect them explicitly.
> 
> Honoring pointers to object bodies as pointers to the objects themselves seems
> like it would solve the problem. I worry that it might increase marking
> overhead substantially because we would start honoring more 'fake' pointers.

I think the overhead might not be much. Instead of checking
if (offset % sizeof(CollectorCell) == 0)
it does some arithmetic calculation:
  x = cellStart + (offset / sizeof(CollectorCell)) * sizeof(CollectorCell);

We need some additional work for oversized cells. Size information is needed. We
can malloc an additional int before the requested size, and store the cell size
into it. This works like a Java array with length in its header. BTW, I
experimented with this change, and it works properly.

Overall, these only cost a few instruction cycles when scanning root pointers.
I think it is not a big issue.

I will post a patch later.

> 
> Another solution would be for objects to create an explicit, volatile stack
> reference to 'this' before handing off pointers to their internals. Yet another
> solution (in this particular case) would be to store a temporary UString on the
> stack, and pass that UString by reference.
> 



-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
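The two lookups debated in comments #5 and #6, side by side in a toy collector. This is an added example written for this page, not code from the bug, its patch, or JavaScriptCore; the names Cell, Block, Heap, OversizeHeader and the 32-byte cell layout are hypothetical. strictLookup is the existing `offset % sizeof(CollectorCell) == 0` check, interiorLookup is the proposed round-down, and OversizeHeader is the "size int before the requested bytes" idea so oversized cells can be resolved by a range check.

```cpp
// Toy conservative root scanner (added example, not JavaScriptCore code).
// Contrasts the strict "word is exactly a cell start" check with rounding an
// interior pointer down to its cell, plus a size header for oversize cells.
// Every name here (Cell, Block, Heap, OversizeHeader) is hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
#include <vector>

namespace toygc {

struct Cell {
    uint32_t marked;
    char payload[28];   // inline data a caller may hand out a raw pointer to
};
static_assert(sizeof(Cell) == 32, "toy cell is 32 bytes");

constexpr size_t kCellsPerBlock = 8;

struct Block {
    alignas(Cell) unsigned char storage[kCellsPerBlock * sizeof(Cell)];
    Block() { std::memset(storage, 0, sizeof storage); }   // all cells unmarked
    Cell* cell(size_t i) { return reinterpret_cast<Cell*>(storage) + i; }
    uintptr_t start() const { return reinterpret_cast<uintptr_t>(storage); }
    uintptr_t end() const { return start() + sizeof storage; }
};

// Oversize allocation: the size sits just before the requested bytes,
// like the length header of a Java array.
struct OversizeHeader {
    size_t size;       // total bytes, header included
    uint32_t marked;
};

class Heap {
public:
    Block block;
    std::vector<OversizeHeader*> oversize;

    ~Heap() { for (OversizeHeader* h : oversize) ::operator delete(h); }

    void* allocOversize(size_t requested) {
        size_t total = sizeof(OversizeHeader) + requested;
        OversizeHeader* h = static_cast<OversizeHeader*>(::operator new(total));
        h->size = total;
        h->marked = 0;
        oversize.push_back(h);
        return reinterpret_cast<char*>(h) + sizeof(OversizeHeader);
    }

    // Before: offset % sizeof(Cell) == 0, so a pointer into a cell body is ignored.
    Cell* strictLookup(uintptr_t p) {
        if (p < block.start() || p >= block.end()) return nullptr;
        size_t offset = p - block.start();
        return offset % sizeof(Cell) == 0 ? block.cell(offset / sizeof(Cell)) : nullptr;
    }

    // After: cellStart + (offset / sizeof(Cell)) * sizeof(Cell), i.e. round down.
    Cell* interiorLookup(uintptr_t p) {
        if (p < block.start() || p >= block.end()) return nullptr;
        return block.cell((p - block.start()) / sizeof(Cell));
    }

    // Oversize cells: the header's size bounds a range check per live cell.
    OversizeHeader* oversizeLookup(uintptr_t p, bool honourInterior) {
        for (OversizeHeader* h : oversize) {
            uintptr_t objStart = reinterpret_cast<uintptr_t>(h) + sizeof(OversizeHeader);
            uintptr_t objEnd = reinterpret_cast<uintptr_t>(h) + h->size;
            if (honourInterior ? (p >= objStart && p < objEnd) : (p == objStart)) return h;
        }
        return nullptr;
    }

    // Mark phase over words a conservative scan pulled from stack and registers.
    void markRoots(const std::vector<uintptr_t>& words, bool honourInterior) {
        for (uintptr_t w : words) {
            if (Cell* c = honourInterior ? interiorLookup(w) : strictLookup(w))
                c->marked = 1;
            else if (OversizeHeader* h = oversizeLookup(w, honourInterior))
                h->marked = 1;
        }
    }
};

// The bug's scenario: the only live root is a pointer into a cell's payload
// (the optimizer kept the interior pointer and dropped the cell pointer).
bool interiorRootKeepsCellAlive(bool honourInterior) {
    Heap heap;
    Cell* c = heap.block.cell(3);
    heap.markRoots({reinterpret_cast<uintptr_t>(&c->payload[5])}, honourInterior);
    return c->marked == 1;
}

bool interiorRootKeepsOversizeAlive(bool honourInterior) {
    Heap heap;
    char* obj = static_cast<char*>(heap.allocOversize(1000));
    heap.markRoots({reinterpret_cast<uintptr_t>(obj + 700)}, honourInterior);
    return heap.oversize[0]->marked == 1;
}

}  // namespace toygc
```

With honourInterior false the cell whose only reference is an interior pointer is left unmarked and would be swept while still in use, which is the bug; with it true the same word pins the cell. The cost comment #5 worries about is also visible: once rounding is on, any stack word that lands anywhere inside a block keeps a cell alive, not only words that hit a cell start exactly, so the scanner honours more accidental pointers.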



More information about the webkit-unassigned mailing list