Bug 758106 - Intentionally leak poisoned pointers when using rooting analysis. r=bhackett

--HG-- extra : rebase_source : d0eb52bd01bb64111c32e1f491435f5c731a9647
2012-07-11 11:54:48 -07:00 · 2012-07-11 11:54:48 -07:00 · fae2338851
--- a/js/src/jsgc.cpp
+++ b/js/src/jsgc.cpp
@ -522,6 +522,21 @@ ChunkPool::expireAndFree(JSRuntime *rt, bool releaseAll)
 Chunk::allocate(JSRuntime *rt)
 {
    Chunk *chunk = static_cast<Chunk *>(AllocChunk());
+
+#ifdef JSGC_ROOT_ANALYSIS
+    // Our poison pointers are not guaranteed to be invalid on 64-bit
+    // architectures, and often are valid. We can't just reserve the full
+    // poison range, because it might already have been taken up by something
+    // else (shared library, previous allocation). So we'll just loop and
+    // discard poison pointers until we get something valid.
+    //
+    // This leaks all of these poisoned pointers. It would be better if they
+    // were marked as uncommitted, but it's a little complicated to avoid
+    // clobbering pre-existing unrelated mappings.
+    while (IsPoisonedPtr(chunk))
+        chunk = static_cast<Chunk *>(AllocChunk());
+#endif
+
    if (!chunk)
        return NULL;
    chunk->init();