Reviewers: Hannes Payer, ulan,
Description:
Add checks to the marking queue
Hopefully we'll catch heap corruption earlier, while identifying the
object that holds a stale pointer.
Speaking of staleness, also remove old debugging code.
BUG=chromium:128415
[email protected],[email protected]
LOG=n
Please review this at https://codereview.chromium.org/843013005/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+8, -4 lines):
M src/heap/incremental-marking.cc
M src/heap/mark-compact.h
M test/cctest/cctest.status
Index: src/heap/incremental-marking.cc
diff --git a/src/heap/incremental-marking.cc
b/src/heap/incremental-marking.cc
index
aadd17c94bd58be4f570dacb15ff6d5b71d3ac0d..a85d4a8489326ec84afcd2ca4191d45ebdda18fe
100644
--- a/src/heap/incremental-marking.cc
+++ b/src/heap/incremental-marking.cc
@@ -655,10 +655,7 @@ intptr_t
IncrementalMarking::ProcessMarkingDeque(intptr_t bytes_to_process) {
int size = obj->SizeFromMap(map);
unscanned_bytes_of_large_object_ = 0;
VisitObject(map, obj, size);
- int delta = (size - unscanned_bytes_of_large_object_);
- // TODO(jochen): remove after http://crbug.com/381820 is resolved.
- CHECK_LT(0, delta);
- bytes_processed += delta;
+ bytes_processed += size - unscanned_bytes_of_large_object_;
}
return bytes_processed;
}
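Review bot: The new line on L33 drops the only assertion that `size` exceeds `unscanned_bytes_of_large_object_`, so a VisitObject call that leaves the counter larger than the object's size would now silently shrink or even negate `bytes_processed` instead of failing loudly. If that case is now believed impossible (the removed TODO tied the check to crbug.com/381820), a debug-only `DCHECK_LE(unscanned_bytes_of_large_object_, size);` before the accumulation would keep the invariant documented and checked at zero release cost. ProcessMarkingDeque begins before this hunk; only the tail of its loop is visible here.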
Index: src/heap/mark-compact.h
diff --git a/src/heap/mark-compact.h b/src/heap/mark-compact.h
index
e26e06c24fa6c1c946a69dffb098d5f6e34d73f4..361f3a6377392022e69931832f2ee8ec6962d91d
100644
--- a/src/heap/mark-compact.h
+++ b/src/heap/mark-compact.h
@@ -168,6 +168,8 @@ class MarkingDeque {
// heap.
INLINE(void PushBlack(HeapObject* object)) {
DCHECK(object->IsHeapObject());
+ // TODO(jochen): Remove again before we branch for 4.2.
+ CHECK(object->IsHeapObject() && object->map()->IsMap());
if (IsFull()) {
Marking::BlackToGrey(object);
MemoryChunk::IncrementLiveBytesFromGC(object->address(),
-object->Size());
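Review bot: The `object->IsHeapObject()` half of the new CHECK on L49 re-evaluates what the DCHECK one line above already asserts, and folding both conditions into one CHECK means a failure report cannot tell a mis-tagged pointer from a clobbered map word, which is exactly the distinction this change wants to surface; splitting it, `CHECK(object->IsHeapObject()); CHECK(object->map()->IsMap());`, gives a distinct failure line for each. The same applies to the identical CHECK in PushGrey at L58. The TODO on L48 carries no tracking reference, unlike the one this CL removes from incremental-marking.cc; tying it to the bug named in the description, `// TODO(jochen): Remove again before we branch for 4.2 (chromium:128415).`, keeps the follow-up findable. Unlike the DCHECK, this CHECK also runs in release builds on every push to the marking deque; the cost is presumably accepted for the 4.2 window, but the comment could say so. MarkingDeque's declaration begins before this hunk.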
@@ -180,6 +182,8 @@ class MarkingDeque {
INLINE(void PushGrey(HeapObject* object)) {
DCHECK(object->IsHeapObject());
+ // TODO(jochen): Remove again before we branch for 4.2.
+ CHECK(object->IsHeapObject() && object->map()->IsMap());
if (IsFull()) {
SetOverflowed();
} else {
Index: test/cctest/cctest.status
diff --git a/test/cctest/cctest.status b/test/cctest/cctest.status
index
cc5414da27364e4955eaf8abd8f48de8f65121a3..731845617897f5f6c082db114fbf40d5d33282e9
100644
--- a/test/cctest/cctest.status
+++ b/test/cctest/cctest.status
@@ -117,6 +117,9 @@
# TODO(titzer): Triggers bug in late control reduction.
'test-run-inlining/InlineLoopGuardedEmpty': [SKIP],
+ # TODO(jochen): Reenable after we removed the CHECK() from the marking
queue.
+ 'test-mark-compact/MarkingDeque': [SKIP],
+
############################################################################
# Slow tests.
'test-api/Threading1': [PASS, ['mode == debug', SLOW]],