RESOLVED FIXED 120179
JSObject and JSArray code shouldn't have to tiptoe around garbage collection 
https://bugs.webkit.org/show_bug.cgi?id=120179
Summary JSObject and JSArray code shouldn't have to tiptoe around garbage collection
Mark Hahnenberg
Reported 2013-08-22 16:22:41 PDT
There are many places in the code for JSObject and JSArray where they are manipulating their Butterfly/Structure, e.g. after expanding their out-of-line backing storage via allocating. Within these places there are certain "critical sections" where a GC would be disastrous. Gen GC looks like it will make this dance even more intricate. To make everybody's lives easier we should use the DeferGC mechanism in these functions to make these GC critical sections both obvious in the code and trivially safe. Deferring collections will usually only last marginally longer, thus we should not incur any additional overhead.
Attachments
Patch (10.81 KB, patch)
2013-08-22 16:25 PDT, Mark Hahnenberg 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2013-08-22 16:25:12 PDT
Created attachment 209405 [details] Patch
Mark Hahnenberg
Comment 2 2013-08-22 16:25:30 PDT
Still running benchmarks.
Geoffrey Garen
Comment 3 2013-08-22 16:41:29 PDT
Comment on attachment 209405 [details] Patch If we used DeferGC when creating JS objects, we could remove the whole "finishConstruction" dance and switch back to normal C++ constructors.
WebKit Commit Bot
Comment 4 2013-08-22 17:44:34 PDT
Comment on attachment 209405 [details] Patch Clearing flags on attachment: 209405 Committed r154471: <http://trac.webkit.org/changeset/154471>
WebKit Commit Bot
Comment 5 2013-08-22 17:44:36 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.