[v8-dev] Re: Issue 3803 in v8: Generators-iterators mjsunit test fails flaky in deoptimizer on gc stress bot

Mon, 22 Jun 2015 01:27:07 -0700
Comment #19 on issue 3803 by [email protected]: Generators-iterators mjsunit test fails flaky in deoptimizer on gc stress bot 
https://code.google.com/p/v8/issues/detail?id=3803#c19

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/816abc5e864e503a5c9802483f555c339d7ac52f 

commit 816abc5e864e503a5c9802483f555c339d7ac52f
Author: mstarzinger <[email protected]>
Date: Mon Jun 22 08:25:34 2015

Fix terrible interaction with code flushing.

This fixes a terrible interaction of code flushing and the clearing of
optimized code maps hanging off a SharedFunctionInfo. The following is
what happened:
1) Incremental marking cleared map in SharedFunctionInfo s, however it
   was not enqueued as a flushing candidate because one JSFunction f1
   still had optimized code.
2) Deoptimization of f1 made s eligible for code flushing.
3) Optimization of f2 added new entry to optimized code map of s.
4) The JSFunction f2 became unreachable and hence is never marked.
5) Incremental marking now visits f1, finds it eligible for flushing,
   also s is eligible for flushing, both are enqueued.
6) Marking finishes, code flusher clears f1 and s, but the optimized
   code map of s still contains an entry.
7) Boom!

[email protected],[email protected]
TEST=mjsunit/es6/generators-iteration
BUG=v8:3803
LOG=N

Review URL: https://codereview.chromium.org/1197713004

Cr-Commit-Position: refs/heads/master@{#29177}
[modify] http://crrev.com/816abc5e864e503a5c9802483f555c339d7ac52f/src/compiler.cc [modify] http://crrev.com/816abc5e864e503a5c9802483f555c339d7ac52f/src/factory.cc [modify] http://crrev.com/816abc5e864e503a5c9802483f555c339d7ac52f/src/heap/mark-compact.cc [modify] http://crrev.com/816abc5e864e503a5c9802483f555c339d7ac52f/test/mjsunit/mjsunit.status 


--
You received this message because this project is configured to send all issue notifications to this address. 
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- You received this message because you are subscribed to the Google Groups "v8-dev" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to