Reviewers: jarin,
Description:
Recorded slots in store buffer are never in free space. Remove migration
consistency check.
After establishing the invariant that the store buffer always has valid slots
after marking, the store buffer integrity check is not needed anymore.
BUG=454157
LOG=n
Please review this at https://codereview.chromium.org/990173002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+2, -14 lines):
M src/heap/heap.cc
Index: src/heap/heap.cc
diff --git a/src/heap/heap.cc b/src/heap/heap.cc
index
9ea06d26fde69cd1e1a255de435fc1c46315ca40..b668bf8c3cefb6a3e67d3e2349507549abee99ff
100644
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -2157,21 +2157,9 @@ class ScavengingVisitor : public StaticVisitorBase {
if (alignment != kObjectAlignment) {
target = EnsureDoubleAligned(heap, target, allocation_size);
}
+ // Update slot to new target.
+ *slot = target;
- // Order is important: slot might be inside of the target if target
- // was allocated over a dead object and slot comes from the store
- // buffer.
-
- // Unfortunately, the allocation can also write over the slot if the
slot
- // was in free space and the allocation wrote free list data (such
as the
- // free list map or entry size) over the slot. We guard against
this by
- // checking that the slot still points to the object being moved.
This
- // should be sufficient because neither the free list map nor the
free
- // list entry size should look like a new space pointer (the former
is an
- // old space pointer, the latter is word-aligned).
- if (*slot == object) {
- *slot = target;
- }
MigrateObject(heap, object, target, object_size);
if (object_contents == POINTER_OBJECT) {
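Review bot: The unconditional `*slot = target;` now depends entirely on the invariant named in the description (recorded store buffer slots are never in free space), but nothing in this hunk checks or documents it. The removed guard `if (*slot == object)` was the only protection against writing a pointer over free list data that an allocation had placed on top of the slot, so if the invariant is ever violated this store silently corrupts the heap instead of being skipped. Consider keeping the condition as a debug-only assertion, for example `DCHECK(*slot == object);` immediately before the store, and expanding the new comment to state the invariant the store relies on. The removed text also said "Order is important" for the slot write relative to `MigrateObject`; the new code keeps that order but drops the reason, so please say in the comment whether the ordering still matters or is now incidental.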
--
--
v8-dev mailing list
http://groups.google.com/group/v8-dev