Reviewers: Jakob,

Description:
Version 4.1.0.21 (cherry-pick)

Merged 206e9136bde0f2b5ae8cb77afbb1e7833e5bd412

Unlink pages from the space page list after evacuation.

BUG=430201
LOG=N
[email protected]

Please review this at https://codereview.chromium.org/953813002/

Base URL: https://chromium.googlesource.com/v8/[email protected]

Affected files (+22, -22 lines):
  M src/heap/mark-compact.cc
  M src/heap/spaces.cc
  M src/version.cc
  A + test/mjsunit/regress/regress-430201.js


Index: src/heap/mark-compact.cc
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index fa127db6129c0f1598eb2140f3d1fdb294ff4e90..c9a310a3f7aee0e915c5a674cf836ee01612e9b7 100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -3052,6 +3052,11 @@ void MarkCompactCollector::EvacuatePages() {
       // have an emergency page and the space still has room for that.
       if (space->HasEmergencyMemory() && space->CanExpand()) {
         EvacuateLiveObjectsFromPage(p);
+        // Unlink the page from the list of pages here. We must not iterate
+        // over that page later (e.g. when scan on scavenge pages are
+        // processed). The page itself will be freed later and is still
+        // reachable from the evacuation candidates list.
+        p->Unlink();
       } else {
// Without room for expansion evacuation is not guaranteed to succeed.
         // Pessimistically abandon unevacuated pages.
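Review bot: The comment added above `p->Unlink()` says why the page must leave the space's page list, but not what the code that later frees the page has to cope with. After this call the page is tracked only by the evacuation candidates list, while pages abandoned in the `else` branch stay linked, so the release path sees both states; the spaces.cc hunk of this change adds the matching guard in `PagedSpace::ReleasePage`. I would make that dependency visible here with one more line, `// PagedSpace::ReleasePage() must tolerate an already-unlinked page.`, and reword "when scan on scavenge pages are processed" to "when scan-on-scavenge pages are processed". `EvacuatePages` starts and ends outside the hunk, so whether anything else in it walks the page list from `p` cannot be checked from here.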
Index: src/heap/spaces.cc
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index 3802e470bd454a7da2680589f71bd31cb86ff37a..060052e706cf4196b907bb14c535ff4982392b37 100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -1142,7 +1142,12 @@ void PagedSpace::ReleasePage(Page* page) {
     allocation_info_.set_limit(NULL);
   }

-  page->Unlink();
+  // If page is still in a list, unlink it from that list.
+  if (page->next_chunk() != NULL) {
+    DCHECK(page->prev_chunk() != NULL);
+    page->Unlink();
+  }
+
   if (page->IsFlagSet(MemoryChunk::CONTAINS_ONLY_DATA)) {
     heap()->isolate()->memory_allocator()->Free(page);
   } else {
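Review bot: The new guard decides whether the page is still linked from `next_chunk()` alone, and the `prev_chunk()` half of that invariant is only a `DCHECK`, so it is not enforced in release builds. If the two pointers ever disagree, a release build could skip `Unlink()` and free a page that a neighbouring chunk still points to, which is the same stale-list condition this change is meant to remove. I would assert the opposite case as well, `} else { DCHECK(page->prev_chunk() == NULL); }`, and extend the comment to `// A page evacuated in MarkCompactCollector::EvacuatePages() is already unlinked.` so the reason for the conditional is recorded. `ReleasePage` starts and ends outside the hunk.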
Index: src/version.cc
diff --git a/src/version.cc b/src/version.cc
index 9e6c767b9ccc46ece67db16e751bad7904db2513..edcf2be2db4a8654b74726cbaaed88cce42fde28 100644
--- a/src/version.cc
+++ b/src/version.cc
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION     4
 #define MINOR_VERSION     1
 #define BUILD_NUMBER      0
-#define PATCH_LEVEL       20
+#define PATCH_LEVEL       21
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
Index: test/mjsunit/regress/regress-430201.js
diff --git a/test/mjsunit/compiler/compare-map-elim.js b/test/mjsunit/regress/regress-430201.js
similarity index 85%
copy from test/mjsunit/compiler/compare-map-elim.js
copy to test/mjsunit/regress/regress-430201.js
index 288d4811a6811691366841f7693495f6c785da9e..b53383e22e4553ae4c0542d90338b55d20d40dc9 100644
--- a/test/mjsunit/compiler/compare-map-elim.js
+++ b/test/mjsunit/regress/regress-430201.js
@@ -25,27 +25,17 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-// Flags: --allow-natives-syntax --check-elimination
+// Flags: --allow-natives-syntax --expose-gc

-a = {
-  f: function() { this.y = 3; }
-};
-b = {
-  f: function() { this.y = 4; }
-};
+var array_1 = [];

-function x(z) {
-  return z.f();
-}
-
-x(a);
-x(b);
-x(a);
-x(b);
-x(a);
-x(b);
+%SetFlags("--stress-compaction");
+for (var a = 0; a < 10000; a++) { array_1[a * 100] = 0; }

-%OptimizeFunctionOnNextCall(x)
+gc();
+gc();

-x(a);
-x(b);
+var array_2 = [];
+for (var i = 0; i < 321361; i++) {
+  array_2[i] = String.fromCharCode(i)[0];
+}
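Review bot: Nothing in the new test file says what it reproduces: the constants `10000`, `a * 100` and `321361` and the two `gc()` calls are unexplained, and there are no assertions, so the test passes only by not crashing. A header line such as `// Regression test for bug 430201: must not crash when GC runs with --stress-compaction after evacuation.` would tell a maintainer which values are load-bearing. It would also help to say in a comment why `--stress-compaction` is enabled through `%SetFlags` in the body rather than on the `// Flags:` line, since that ordering looks intentional.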

