Reviewers: jochen (slow),
Message:
PTAL
Description:
Reland r24737 "Read object pointer atomically while updating slots"
Crashes were fixed by r24914.
BUG=chromium:427746
LOG=N
Please review this at https://codereview.chromium.org/726543003/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+6, -2 lines):
M src/heap/mark-compact.cc
Index: src/heap/mark-compact.cc
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index
57c93366b845a812a6f2193a1ea4c22a6d911b6e..908b686c8813bf3c3ab4cadc18978919f9729ac6
100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -2882,7 +2882,8 @@ class PointersUpdatingVisitor : public ObjectVisitor {
}
static inline void UpdateSlot(Heap* heap, Object** slot) {
- Object* obj = *slot;
+ Object* obj = reinterpret_cast<Object*>(
+ base::NoBarrier_Load(reinterpret_cast<base::AtomicWord*>(slot)));
if (!obj->IsHeapObject()) return;
@@ -2893,7 +2894,10 @@ class PointersUpdatingVisitor : public ObjectVisitor
{
DCHECK(heap->InFromSpace(heap_obj) ||
MarkCompactCollector::IsOnEvacuationCandidate(heap_obj));
HeapObject* target = map_word.ToForwardingAddress();
- *slot = target;
+ base::NoBarrier_CompareAndSwap(
+ reinterpret_cast<base::AtomicWord*>(slot),
+ reinterpret_cast<base::AtomicWord>(obj),
+ reinterpret_cast<base::AtomicWord>(target));
DCHECK(!heap->InFromSpace(target) &&
!MarkCompactCollector::IsOnEvacuationCandidate(target));
}
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
