Reviewers: Hannes Payer, ulan,
Description:
When reading the map from a live object, use a barrier load
It could happen that we shrink a live object on the main thread (e.g.
MigrateFastToSlow) while we're sweeping the same page. The main
thread first creates a filler object that the release-stores the new
map. Therefore it's important to barrier load the map word of live
objects from the sweeper thread.
BUG=none
[email protected],[email protected]
LOG=n
Please review this at https://codereview.chromium.org/797623002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+1, -1 lines):
M src/heap/mark-compact.cc
Index: src/heap/mark-compact.cc
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index
b2f067bc9049961d337c832437201c35cdf576d3..85afd16f0ba13a7c834cba9c55d4533730ffbc5b
100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -3243,7 +3243,7 @@ static int Sweep(PagedSpace* space, FreeList*
free_list, Page* p,
}
HeapObject* live_object = HeapObject::FromAddress(free_end);
DCHECK(Marking::IsBlack(Marking::MarkBitFrom(live_object)));
- Map* map = live_object->map();
+ Map* map = live_object->synchronized_map();
int size = live_object->SizeFromMap(map);
if (sweeping_mode == SWEEP_AND_VISIT_LIVE_OBJECTS) {
live_object->IterateBody(map->instance_type(), size, v);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
