Reviewers: Hablich,
Description:
Version 4.5.103.24 (cherry-pick)
Merged 66f540c0738ce770359232f0bafdd9cb099d6569
Merged 82e1069330a9cdc692602fef766d1aec5b9e9328
Merged 8606664b37f4dc4b42106563984c19e4f72d9d3a
Use proper verify method when checking slots buffer entries.
Add large-object support to IsSlotInBlackObject so that all dead slots are
filtered out correctly.
Filter out slots-buffer slots that point to SMIs in dead objects.
BUG=chromium:454297,chromium:454297,chromium:454297,chromium:519577
LOG=N
[email protected]
Please review this at https://codereview.chromium.org/1286323004/
Base URL: https://chromium.googlesource.com/v8/[email protected]
Affected files (+21, -22 lines):
M include/v8-version.h
M src/heap/mark-compact.cc
Index: include/v8-version.h
diff --git a/include/v8-version.h b/include/v8-version.h
index
459abafcff42a1e7a6b7a0e5229aaf6e3e4359d3..f6f62d736a373b68a207f399507941edbca218b6
100644
--- a/include/v8-version.h
+++ b/include/v8-version.h
@@ -11,7 +11,7 @@
#define V8_MAJOR_VERSION 4
#define V8_MINOR_VERSION 5
#define V8_BUILD_NUMBER 103
-#define V8_PATCH_LEVEL 23
+#define V8_PATCH_LEVEL 24
// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
Index: src/heap/mark-compact.cc
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index
8bbfeb173f7ba3ac5e55b63145e62d3085338727..9ca06cf2e64c449188656fd494ae84370ccde554
100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -3058,11 +3058,18 @@ bool
MarkCompactCollector::TryPromoteObject(HeapObject* object,
bool MarkCompactCollector::IsSlotInBlackObject(Page* p, Address slot,
HeapObject** out_object) {
- // This function does not support large objects right now.
Space* owner = p->owner();
if (owner == heap_->lo_space() || owner == NULL) {
- *out_object = NULL;
- return true;
+ Object* large_object = heap_->lo_space()->FindObject(slot);
+ // This object has to exist, otherwise we would not have recorded a
slot
+ // for it.
+ CHECK(large_object->IsHeapObject());
+ HeapObject* large_heap_object = HeapObject::cast(large_object);
+ if (IsMarked(large_heap_object)) {
+ *out_object = large_heap_object;
+ return true;
+ }
+ return false;
}
uint32_t mark_bit_index = p->AddressToMarkbitIndex(slot);
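Review bot: The new large-object branch returns true for any slot whose page holds a marked object, without checking that `slot` lies inside that object's current extent. `FindObject` is not visible in this diff, so it is unclear whether it validates the offset or only maps the address to the page's object. If a large object can shrink after a slot was recorded, a stale slot in the trimmed tail would still be reported as live and later rewritten by the collector. Consider bounding it with `if (IsMarked(large_heap_object) && slot < large_heap_object->address() + large_heap_object->Size())`, or add a comment stating why that case cannot occur. The branch is also taken for `owner == NULL` yet always consults `lo_space()`, which deserves a one-line comment; the function body continues past this hunk.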
@@ -3179,13 +3186,8 @@ bool
MarkCompactCollector::IsSlotInLiveObject(Address slot) {
return false;
}
- // |object| is NULL only when the slot belongs to large object space.
- DCHECK(object != NULL ||
- Page::FromAnyPointerAddress(heap_, slot)->owner() ==
- heap_->lo_space());
- // We don't need to check large objects' layout descriptor since it can't
- // contain in-object fields anyway.
- if (object != NULL) {
+ DCHECK(object != NULL);
+
switch (object->ContentType()) {
case HeapObjectContents::kTaggedValues:
return true;
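Review bot: `DCHECK(object != NULL)` is now the only guard before `object->ContentType()`, and a DCHECK is normally compiled out of release builds. The removed `if (object != NULL)` no longer covers that case, so a NULL `out_object` from any path of IsSlotInBlackObject would be dereferenced in production instead of causing a controlled abort. The large-object path added in this patch uses `CHECK` for its own invariant; `CHECK(object != NULL);` here would keep the failure mode consistent. The non-large path of IsSlotInBlackObject is outside this diff, so whether it can still return true with a NULL object cannot be confirmed from here. IsSlotInLiveObject begins before and ends after this hunk.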
@@ -3214,9 +3216,7 @@ bool MarkCompactCollector::IsSlotInLiveObject(Address
slot) {
}
}
UNREACHABLE();
- }
-
- return true;
+ return true;
}
@@ -4444,12 +4444,10 @@ void SlotsBuffer::RemoveInvalidSlots(Heap* heap,
SlotsBuffer* buffer) {
ObjectSlot slot = slots[slot_idx];
if (!IsTypedSlot(slot)) {
Object* object = *slot;
- if (object->IsHeapObject()) {
- if (heap->InNewSpace(object) ||
- !heap->mark_compact_collector()->IsSlotInLiveObject(
- reinterpret_cast<Address>(slot))) {
- slots[slot_idx] = kRemovedEntry;
- }
+ if ((object->IsHeapObject() && heap->InNewSpace(object)) ||
+ !heap->mark_compact_collector()->IsSlotInLiveObject(
+ reinterpret_cast<Address>(slot))) {
+ slots[slot_idx] = kRemovedEntry;
}
} else {
++slot_idx;
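Review bot: The rewritten condition in RemoveInvalidSlots now runs the liveness check for Smi-valued slots as well, but nothing in the code says why a non-pointer value still needs it. That invites a later "optimisation" that restores the `IsHeapObject()` short-circuit and reintroduces the stale-slot problem. I would add a comment above the `if`, such as `// Check liveness even for Smi values: a slot in a dead object must be dropped regardless of what it currently holds.` The loop and the rest of the function lie outside this hunk.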
@@ -4506,9 +4504,10 @@ void SlotsBuffer::VerifySlots(Heap* heap,
SlotsBuffer* buffer) {
if (!IsTypedSlot(slot)) {
Object* object = *slot;
if (object->IsHeapObject()) {
+ HeapObject* heap_object = HeapObject::cast(object);
CHECK(!heap->InNewSpace(object));
- CHECK(heap->mark_compact_collector()->IsSlotInLiveObject(
- reinterpret_cast<Address>(slot)));
+ heap->mark_compact_collector()->VerifyIsSlotInLiveObject(
+ reinterpret_cast<Address>(slot), heap_object);
}
} else {
++slot_idx;
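Review bot: VerifySlots still verifies only slots whose value is a heap object, while RemoveInvalidSlots in this same patch now also filters Smi-valued slots that sit in dead objects. The verifier therefore does not cover the case this change fixes. If that is intentional because `VerifyIsSlotInLiveObject` needs the target object, say so in a comment. Otherwise consider an `else` arm that keeps the old check for the Smi case: `CHECK(heap->mark_compact_collector()->IsSlotInLiveObject(reinterpret_cast<Address>(slot)));`. `VerifyIsSlotInLiveObject` is not defined in this diff, so whether it aborts on failure or only reports cannot be confirmed here; the enclosing loop starts and ends outside the hunk.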