Bug 86011 - CopiedSpace does not add pinned blocks back to the to-space filter
Summary: CopiedSpace does not add pinned blocks back to the to-space filter
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Hahnenberg
Reported: 2012-05-09 13:26 PDT by Mark Hahnenberg
Modified: 2012-05-09 15:49 PDT

Attachments
Patch (2.20 KB, patch)
2012-05-09 13:33 PDT, Mark Hahnenberg
ggaren: review+

Description Mark Hahnenberg 2012-05-09 13:26:54 PDT
After a collection has finished, we go through the blocks in from-space and move any of them that are pinned into to-space. At the beginning of collection, we reset the to-space block filter that is used during conservative scanning and add back the blocks that are filled during the collection. However, we neglect to add back those blocks that are moved from from-space to to-space, which can cause the conservative scan to think that some pinned items are not actually in CopiedSpace.
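The bookkeeping mistake described in the report, as an added toy model (not WebKit's CopiedSpace code; the type and function names, and the use of a hash set in place of the real block filter, are assumptions). It shows that a pinned block survives in to-space but, unless the filter is repopulated when it is moved, the conservative scan's filter check no longer knows it is there.

```cpp
// Added toy model of CopiedSpace's to-space block filter; names are assumed.
#include <cstdint>
#include <unordered_set>
#include <vector>

struct Block { uintptr_t base; bool pinned; };

struct ToySpace {
    std::vector<Block> fromSpace, toSpace;
    // Stands in for the block filter consulted during conservative scanning.
    std::unordered_set<uintptr_t> toSpaceFilter;

    // Conservative scan asks: could this value point into to-space?
    bool filterContains(uintptr_t p) const { return toSpaceFilter.count(p) != 0; }

    void startCollection() {
        // Current blocks become from-space; the filter is reset and rebuilt.
        fromSpace.swap(toSpace);
        toSpace.clear();
        toSpaceFilter.clear();
    }
    void fillDuringCollection(Block b) {
        toSpace.push_back(b);
        toSpaceFilter.insert(b.base);   // freshly filled blocks are added back
    }
    // fixFilter == false reproduces the report; true is the corrected behaviour.
    void finishCollection(bool fixFilter) {
        for (const Block& b : fromSpace) {
            if (!b.pinned) continue;     // unpinned from-space blocks are released
            toSpace.push_back(b);        // pinned blocks move into to-space...
            if (fixFilter) toSpaceFilter.insert(b.base);  // ...and must rejoin the filter
        }
        fromSpace.clear();
    }
};

// One collection with a pinned block: is the block in to-space AND visible to the filter?
bool pinnedBlockVisibleAfterCollection(bool fixFilter) {
    ToySpace space;
    space.toSpace.push_back({0x1000, true});   // constructed: a pinned block
    space.toSpaceFilter.insert(0x1000);
    space.startCollection();
    space.fillDuringCollection({0x2000, false}); // constructed: a block filled mid-collection
    space.finishCollection(fixFilter);
    bool inToSpace = false;
    for (const Block& b : space.toSpace)
        if (b.base == 0x1000) inToSpace = true;
    return inToSpace && space.filterContains(0x1000);
}
```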
Comment 1 Mark Hahnenberg 2012-05-09 13:33:59 PDT
Created attachment 141007 [details]
Patch
Comment 2 Geoffrey Garen 2012-05-09 15:18:09 PDT
Comment on attachment 141007 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=141007&action=review

r=me

Please add Radar link

> Source/JavaScriptCore/heap/CopiedSpace.cpp:186
> +            // We don't add the block to the toSpaceSet because it was never removed.

You should ASSERT this condition.
Comment 3 Mark Hahnenberg 2012-05-09 15:25:43 PDT
<rdar://problem/11417840>
Comment 4 Mark Hahnenberg 2012-05-09 15:49:52 PDT
Committed r116565: <http://trac.webkit.org/changeset/116565>