[Webkit-unassigned] [Bug 12216] Stack overflow crash in JavaScript garbage collector mark pass
bugzilla-daemon at webkit.org
Sat Jul 14 17:38:58 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=12216
cwzwarich at uwaterloo.ca changed:
What | Removed | Added
-----|---------|--------------------------
CC   |         | cwzwarich at uwaterloo.ca
------- Comment #6 from cwzwarich at uwaterloo.ca 2007-07-14 17:38 PDT -------
(In reply to comment #3)
> Clearly we can fix this by changing the marking system to not mark recursively.
> Instead the mark functions can simply add the items to mark to a vector passed
> into the mark function, and the caller can then mark those in turn. The tricky
> part may be doing this efficiently!
The only portable way of fixing this that I can see is to essentially convert
the marking code to continuation-passing style, so that all temporary storage
used during marking is allocated in a few vectors on the heap, and transfer of
control between the mark() methods of different cell classes is done using a
trampoline. With GCC, one could use tail recursion instead of a trampoline for
a slight optimization, but that isn't portable, and doesn't even work with
separate compilation in GCC.
Does this sound like a good idea to anyone else? I will gladly implement it if
no one has any objections.
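For illustration of the two marking strategies under discussion (the recursive mark pass that overflows the native stack, and the vector-based alternative from comment #3), here is an added example that is not WebKit code and not the poster's own proposal; the Cell type, the chain builder and all function names are constructed for this demonstration.

```cpp
#include <cstddef>
#include <memory>
#include <vector>
// Toy heap cell standing in for a JavaScript object (constructed for this example).
struct Cell {
    bool marked = false;
    std::vector<Cell*> children;  // outgoing references to other cells
};

// Recursive mark pass: one native stack frame per level of the object graph, so
// a long enough chain of cells exhausts the stack. Returns cells newly marked.
std::size_t markRecursive(Cell* cell) {
    if (cell->marked) return 0;
    cell->marked = true;
    std::size_t n = 1;
    for (Cell* child : cell->children) n += markRecursive(child);
    return n;
}

// Worklist variant: a cell's mark step only appends its unmarked children to a
// vector owned by the collector; depth of the graph no longer touches the stack.
void markChildren(Cell* cell, std::vector<Cell*>& worklist) {
    for (Cell* child : cell->children) {
        if (child->marked) continue;
        child->marked = true;  // mark on push so each cell enters the worklist once
        worklist.push_back(child);
    }
}

std::size_t markIterative(Cell* root) {
    if (root->marked) return 0;
    root->marked = true;
    std::vector<Cell*> worklist{root};
    std::size_t n = 0;
    while (!worklist.empty()) {
        Cell* cell = worklist.back(); worklist.pop_back();
        ++n;
        markChildren(cell, worklist);
    }
    return n;
}

// Builds a singly linked chain of `length` cells; cells[0] is the head.
std::vector<std::unique_ptr<Cell>> buildChain(std::size_t length) {
    std::vector<std::unique_ptr<Cell>> cells;
    for (std::size_t i = 0; i < length; ++i) {
        cells.push_back(std::unique_ptr<Cell>(new Cell));
        if (i > 0) cells[i - 1]->children.push_back(cells[i].get());
    }
    return cells;
}
```

Running markRecursive over a chain of a few hundred thousand cells reproduces the crash class from the bug title on a default-sized stack, while markIterative handles the same chain, including a back edge forming a cycle, with only heap growth in the worklist.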