RESOLVED FIXED 87180
CopiedSpace::contains doesn't check for oversize blocks 
https://bugs.webkit.org/show_bug.cgi?id=87180
Summary CopiedSpace::contains doesn't check for oversize blocks
Mark Hahnenberg
Reported 2012-05-22 16:42:49 PDT
When doing a conservative scan we use CopiedSpace::contains to determine if a particular address points into the CopiedSpace. Currently contains() only checks if the address points to a block in to-space, which means that pointers to oversize blocks may not get scanned. We even have a BloomFilter for oversize blocks that I believe was originally intended to be used like the one for to-space.
Attachments
Patch (6.45 KB, patch)
2012-05-22 17:37 PDT, Mark Hahnenberg 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Hahnenberg
Comment 1 2012-05-22 17:37:27 PDT
Created attachment 143413 [details] Patch
Geoffrey Garen
Comment 2 2012-05-22 18:02:43 PDT
Comment on attachment 143413 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=143413&action=review r=me > Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h:52 > inline bool CopiedSpace::contains(void* ptr, CopiedBlock*& result) > { > CopiedBlock* block = blockFor(ptr); > + if (contains(block)) { > + result = block; > + return true; > + } > + block = oversizeBlockFor(ptr); > result = block; > - return !m_toSpaceFilter.ruleOut(reinterpret_cast<Bits>(block)) && m_toSpaceSet.contains(block); > + return contains(block); You could simplify this code by giving oversized and normal blocks the same alignment -- then, one mask always gets you back to the block metadata. That's for another day, though.
Mark Hahnenberg
Comment 3 2012-05-22 18:39:53 PDT
Committed r118093: <http://trac.webkit.org/changeset/118093>
Note You need to log in before you can comment on or make changes to this bug.