Reviewers: jarin,
Description:
Just add slots that point to to-space objects back to the store buffer.
BUG=
Please review this at https://codereview.chromium.org/946973008/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+5, -1 lines):
M src/heap/store-buffer.cc
Index: src/heap/store-buffer.cc
diff --git a/src/heap/store-buffer.cc b/src/heap/store-buffer.cc
index
591d28fe9fc06de96861f0923b3453c10e74c9f6..5135db3e60939a4a255a5b8d13371456fae3a1d0
100644
--- a/src/heap/store-buffer.cc
+++ b/src/heap/store-buffer.cc
@@ -424,7 +424,11 @@ void
StoreBuffer::IteratePointersInStoreBuffer(ObjectSlotCallback slot_callback,
slot_callback(reinterpret_cast<HeapObject**>(slot), heap_object);
object = reinterpret_cast<Object*>(
base::NoBarrier_Load(reinterpret_cast<base::AtomicWord*>(slot)));
- if (heap_->InNewSpace(object)) {
+ // If the object was in from space before and is after executing
the
+ // callback in to space, the object is for sure still live.
+ // Unfortunately, we do not know about the slot. It could be in a
+ // just freed free space object.
+ if (heap_->InToSpace(object)) {
EnterDirectlyIntoStoreBuffer(reinterpret_cast<Address>(slot));
}
}
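Review bot: the new comment above `if (heap_->InToSpace(object))` says why a to-space target is still live, but it does not cover the case the narrowed condition now excludes. With `InNewSpace` replaced by `InToSpace`, a slot whose value is still in from space after `slot_callback` is no longer passed to `EnterDirectlyIntoStoreBuffer`. Please state in the comment that dropping those slots is intended and why it is safe. The second half of the comment ("we do not know about the slot. It could be in a just freed free space object") raises a concern without saying how it is handled; say whether re-adding such a slot is tolerated here or is left for a follow-up. The first sentence is also hard to parse; something like "If the object was in from space before the callback and is in to space after it, the object is still live" reads more clearly. Finally, `BUG=` is empty and the change touches only src/heap/store-buffer.cc, so a bug reference or a regression test would help reviewers confirm which failure this addresses.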
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev