| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Change-Id: I3b1d8a2808782c9f34d50240000e20cb38d3680f
Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
|
| |
|
|
|
|
|
| |
Importing a new snapshot of webkit.
Change-Id: I2d01ad12cdc8af8cb015387641120a9d7ea5f10c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugs.webkit.org/show_bug.cgi?id=105339
Reviewed by Filip Pizlo.
Currently the DFG has a single branch in the inline allocation path for property/array storage where
it checks to see if the number of bytes requested will fit in the current block. This does not match
what the C++ allocation path does; it checks if the requested number of bytes is oversize, and then
if it's not, it tries to fit it in the current block. The garbage collector assumes that ALL allocations
that are greater than 16KB are in oversize blocks. Therefore, this mismatch can lead to crashes when
the collector tries to perform some operation on a CopiedBlock.
To avoid adding an extra branch to the inline allocation path in the JIT, we should make it so that
oversize blocks are allocated on the same alignment boundaries so that there is a single mask to find
the block header of any CopiedBlock (rather than two, one for normal and one for oversize blocks), and
we should figure out if a block is oversize by some other method than just whatever the JSObject says
it is. One way we could record this info Region of the block, since we allocate a one-off Region for
oversize blocks.
* heap/BlockAllocator.h:
(JSC::Region::isCustomSize):
(Region):
(JSC::Region::createCustomSize):
(JSC::Region::Region):
(JSC::BlockAllocator::deallocateCustomSize):
* heap/CopiedBlock.h:
(CopiedBlock):
(JSC::CopiedBlock::isOversize):
(JSC):
* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::tryAllocateOversize):
(JSC::CopiedSpace::tryReallocate):
(JSC::CopiedSpace::tryReallocateOversize):
* heap/CopiedSpace.h:
(CopiedSpace):
* heap/CopiedSpaceInlines.h:
(JSC::CopiedSpace::contains):
(JSC::CopiedSpace::tryAllocate):
(JSC):
* heap/CopyVisitor.h:
(CopyVisitor):
* heap/CopyVisitorInlines.h:
(JSC::CopyVisitor::checkIfShouldCopy):
(JSC::CopyVisitor::didCopy):
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::copyLater):
* runtime/JSObject.cpp:
(JSC::JSObject::copyButterfly):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138067 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Change-Id: Icebcfe83d82ace7c3e1db6a979306f604459c5ae
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
|
| |
|
|
|
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@136119)
New snapshot that includes the fix for installing the QtWebProcess into libexec
Change-Id: I01344e079cbdac5678c4cba6ffcc05f4597cf0d7
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
|
| |
|
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@135485)
Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
|
| |
|
|
|
|
| |
(http://svn.webkit.org/repository/webkit/trunk@133952)
Revert back to an older snapshot that should build on ARM
|
|
|
(http://svn.webkit.org/repository/webkit/trunk@134025)
New snapshot with numerious build fixes, including MSVC 2012 and ARM Thumb-2.
|
