Ok, you are definitely right. Looking through the logs that I have collected I
see the following scenario:

1. Marking starts
2. ArrayBuffers in NewSpace are visited and marked as live by removing them from
not_yet_..._for_scavenge
3. Scavenge starts, PrepareArrayBufferDiscovery is called,
not_yet_..._for_scavenge is overwritten
4. ArrayBuffers in NewSpace are visited again and removed from the
not_yet_..._for_scavenge
5. Scavenge ends, buffers are not freed; `not_yet_..._for_scavenge` is
overwritten by `live_..._for_scavenge`
6. Mark-Compact GC resumes
7. `live_..._for_scavenge === not_yet_..._for_scavenge`
8. Buffers are freed
9. EvacuateNewSpaceAndCandidates is invoked, it finds these buffers and promotes
them to Old Space
10. Crash happens when Old Space is GCed.

I think reordering `Evacuate` and `FreeDeadBuffers` fixes it, at the price
of losing the invariant. The other choice is to disable Scavenge during
Mark-Compact GC.

Thoughts?

https://codereview.chromium.org/1316873004/

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev