Reviewers: jarin,
Description:
Version 3.28.71.15 (merged r23824)
Remove guard page mechanism from promotion queue.
BUG=chromium:411210
LOG=N
[email protected]
Please review this at https://codereview.chromium.org/617493005/
SVN Base: https://v8.googlecode.com/svn/branches/3.28
Affected files (+29, -34 lines):
M src/heap/heap.h
M src/heap/heap.cc
M src/heap/heap-inl.h
M src/heap/spaces.cc
M src/version.cc
A test/mjsunit/regress/regress-411210.js
Index: src/heap/heap-inl.h
diff --git a/src/heap/heap-inl.h b/src/heap/heap-inl.h
index
adb6e25bb710c581d8a6ae7b571b5eddc4732908..3b6a8033a291066905ee3807fcb8ca6266b3c2c2
100644
--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -31,18 +31,12 @@ void PromotionQueue::insert(HeapObject* target, int
size) {
NewSpacePage::FromAddress(reinterpret_cast<Address>(rear_));
DCHECK(!rear_page->prev_page()->is_anchor());
rear_ =
reinterpret_cast<intptr_t*>(rear_page->prev_page()->area_end());
- ActivateGuardIfOnTheSamePage();
}
- if (guard_) {
- DCHECK(GetHeadPage() ==
- Page::FromAllocationTop(reinterpret_cast<Address>(limit_)));
-
- if ((rear_ - 2) < limit_) {
- RelocateQueueHead();
- emergency_stack_->Add(Entry(target, size));
- return;
- }
+ if ((rear_ - 2) < limit_) {
+ RelocateQueueHead();
+ emergency_stack_->Add(Entry(target, size));
+ return;
}
*(--rear_) = reinterpret_cast<intptr_t>(target);
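Review bot: The literal `2` in `if ((rear_ - 2) < limit_)` duplicates `kEntrySizeInWords`, which PromotionQueue already declares in heap.h. With the `guard_` condition gone, this comparison runs on every insert and is the only check against `limit_` visible before the `*(--rear_)` store, so it should not be able to drift from the entry size. I would write it as `if ((rear_ - kEntrySizeInWords) < limit_) {`. The body of `PromotionQueue::insert` starts above this hunk and continues below it, so the rest of the store sequence is not visible here.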
@@ -55,13 +49,6 @@ void PromotionQueue::insert(HeapObject* target, int
size) {
}
-void PromotionQueue::ActivateGuardIfOnTheSamePage() {
- guard_ = guard_ ||
- heap_->new_space()->active_space()->current_page()->address() ==
- GetHeadPage()->address();
-}
-
-
template <>
bool inline Heap::IsOneByte(Vector<const char> str, int chars) {
// TODO(dcarney): incorporate Latin-1 check when Latin-1 is supported?
Index: src/heap/heap.cc
diff --git a/src/heap/heap.cc b/src/heap/heap.cc
index
fa941814d1cba540909219a8fc8adfd7ffc1ecca..3208c3519b11a79b20222dccbb4631da7c96fba5
100644
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -1373,7 +1373,6 @@ void PromotionQueue::Initialize() {
front_ = rear_ =
reinterpret_cast<intptr_t*>(heap_->new_space()->ToSpaceEnd());
emergency_stack_ = NULL;
- guard_ = false;
}
@@ -1971,15 +1970,16 @@ class ScavengingVisitor : public StaticVisitorBase {
HeapObject* target = NULL; // Initialization to please compiler.
if (allocation.To(&target)) {
+ // Order is important here: Set the promotion limit before storing a
+ // filler for double alignment or migrating the object. Otherwise we
+ // may end up overwriting promotion queue entries when we migrate the
+ // object.
+ heap->promotion_queue()->SetNewLimit(heap->new_space()->top());
+
if (alignment != kObjectAlignment) {
target = EnsureDoubleAligned(heap, target, allocation_size);
}
- // Order is important here: Set the promotion limit before migrating
- // the object. Otherwise we may end up overwriting promotion queue
- // entries when we migrate the object.
- heap->promotion_queue()->SetNewLimit(heap->new_space()->top());
-
// Order is important: slot might be inside of the target if target
// was allocated over a dead object and slot comes from the store
// buffer.
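Review bot: The requirement that `SetNewLimit` runs before anything writes into `target` is carried only by the comment, and this change exists because one writer (the filler stored by `EnsureDoubleAligned`) previously ran ahead of it. I would close the new comment with a line such as `// Do not write to |target| above this call.` so that a write added later between `allocation.To(&target)` and `SetNewLimit` is recognisably wrong. A debug-only assertion in the migration path that the written range does not reach the queue's entries would catch a regression independently of the GC schedule, but the accessors that would need are not visible in this hunk. The enclosing function begins and ends outside the hunk.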
Index: src/heap/heap.h
diff --git a/src/heap/heap.h b/src/heap/heap.h
index
c313333362ff7acfa2b3ff6ef519d800276dbeed..b21951cd92227c058397f362814075194f53bb3a
100644
--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -393,18 +393,11 @@ class PromotionQueue {
emergency_stack_ = NULL;
}
- inline void ActivateGuardIfOnTheSamePage();
-
Page* GetHeadPage() {
return Page::FromAllocationTop(reinterpret_cast<Address>(rear_));
}
void SetNewLimit(Address limit) {
- if (!guard_) {
- return;
- }
-
- DCHECK(GetHeadPage() == Page::FromAllocationTop(limit));
limit_ = reinterpret_cast<intptr_t*>(limit);
if (limit_ <= rear_) {
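Review bot: Dropping `DCHECK(GetHeadPage() == Page::FromAllocationTop(limit))` leaves `SetNewLimit` with no sanity check on its argument, and `limit_ <= rear_` is now a raw address comparison between pointers that are no longer asserted to share a page. If that comparison is meant to rely on to-space addresses being linearly ordered, a comment above the assignment would document the new invariant, for example `// limit and rear_ may lie on different pages; addresses are compared directly.` The body of `SetNewLimit` continues past the end of this hunk, so what happens inside the `if` is not visible here.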
@@ -461,8 +454,6 @@ class PromotionQueue {
intptr_t* rear_;
intptr_t* limit_;
- bool guard_;
-
static const int kEntrySizeInWords = 2;
struct Entry {
Index: src/heap/spaces.cc
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index
92f3f7fa5efcda31560c3ed0bd115b4530f50528..e197f5a33e8ee900c96de3fdfde5b363a77514c2
100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -1367,7 +1367,6 @@ bool NewSpace::AddFreshPage() {
Address limit = NewSpacePage::FromLimit(top)->area_end();
if (heap()->gc_state() == Heap::SCAVENGE) {
heap()->promotion_queue()->SetNewLimit(limit);
- heap()->promotion_queue()->ActivateGuardIfOnTheSamePage();
}
int remaining_in_page = static_cast<int>(limit - top);
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index
96b93ac068d3fecfefeb261bcaefd2619677ecd1..e1dc57051a7e26e91149b454d916cf18d627a427
100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
#define MAJOR_VERSION 3
#define MINOR_VERSION 28
#define BUILD_NUMBER 71
-#define PATCH_LEVEL 14
+#define PATCH_LEVEL 15
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
#define IS_CANDIDATE_VERSION 0
Index: test/mjsunit/regress/regress-411210.js
diff --git a/test/mjsunit/regress/regress-411210.js
b/test/mjsunit/regress/regress-411210.js
new file mode 100644
index
0000000000000000000000000000000000000000..bb9d3a5fd7bb3aa8aa79ef91ec0fadb528f2aec1
--- /dev/null
+++ b/test/mjsunit/regress/regress-411210.js
@@ -0,0 +1,18 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --gc-interval=439 --random-seed=-423594851
+
+var __v_3;
+function __f_2() {
+ var __v_1 = new Array(3);
+ __v_1[0] = 10;
+ __v_1[1] = 15.5;
+ __v_3 = __f_2();
+ __v_1[2] = 20;
+ return __v_1;
+}
+for (var __v_2 = 0; __v_2 < 3; ++__v_2) {
+ __v_3 = __f_2();
+}
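Review bot: `__f_2` calls itself unconditionally at `__v_3 = __f_2();`, so as far as this file shows every call from the loop can only end in a stack-overflow exception, and nothing catches it. If the harness counts an uncaught exception as a failure, wrap the loop: `try { for (var __v_2 = 0; __v_2 < 3; ++__v_2) { __v_3 = __f_2(); } } catch (e) {}`. The test also reproduces only under the fixed `--gc-interval=439 --random-seed=-423594851` schedule and asserts nothing, so a one-line comment such as `// Passes if the scavenger does not crash or corrupt the heap.` would help the next reader. `--allow-natives-syntax` appears unused, since no `%` call is present.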