Reviewers: Vyacheslav Egorov,
Message:
PTAL.
Description:
Fix filtering of store buffer for large object pages.
Our Heap::FreeQueuedChunks generates fake inner chunks in large object
pages queued for freeing, so that StoreBuffer::Filter can recognize them
as pages to be freed. This also relies on MemoryChunk::Contains to work
properly, which is why the size field needs to be initialized as well.
[email protected]
BUG=v8:1817
TEST=mozilla/js1_5/Regress/regress-360969-05
Please review this at http://codereview.chromium.org/8536009/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/heap.cc
M src/spaces.h
M test/mozilla/mozilla.status
Index: src/heap.cc
diff --git a/src/heap.cc b/src/heap.cc
index
4da83e859e3ddff3f2988c00f066ab63ddf58c04..8a844e4a1e616f61f5660bad0bee816816f0e8a7
100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -6392,8 +6392,8 @@ void Heap::FreeQueuedChunks() {
// it try to perform a search in the list of pages owned by of the
large
// object space and queued chunks were detached from that list.
// To work around this we split large chunk into normal kPageSize
aligned
- // pieces and initialize owner field and flags of every piece.
- // If FromAnyPointerAddress encounteres a slot that belongs to one of
+ // pieces and initialize size, owner and flags field of every piece.
+ // If FromAnyPointerAddress encounters a slot that belongs to one of
// these smaller pieces it will treat it as a slot on a normal Page.
MemoryChunk* inner = MemoryChunk::FromAddress(
chunk->address() + Page::kPageSize);
@@ -6401,8 +6401,9 @@ void Heap::FreeQueuedChunks() {
chunk->address() + chunk->size() - 1);
while (inner <= inner_last) {
// Size of a large chunk is always a multiple of
- // OS::AllocationAlignment() so there is always
+ // MemoryChunk::kAlignment so there is always
// enough space for a fake MemoryChunk header.
+ inner->set_size(Page::kPageSize);
inner->set_owner(lo_space());
inner->SetFlag(MemoryChunk::ABOUT_TO_BE_FREED);
inner = MemoryChunk::FromAddress(
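Review bot: The new `inner->set_size(Page::kPageSize);` gives every fake piece a full page, yet the comment directly above only guarantees that a large chunk's size is a multiple of MemoryChunk::kAlignment, so when chunk->size() is not also a multiple of Page::kPageSize the last piece reports a range that ends past the real chunk end. Whether MemoryChunk::Contains can then claim a slot that lies beyond the chunk cannot be told from this hunk; if it can, clamp the last piece, e.g. `size_t remaining = static_cast<size_t>(chunk->address() + chunk->size() - inner->address());` followed by `inner->set_size(remaining < Page::kPageSize ? remaining : Page::kPageSize);`. A short comment stating the intent would also help, e.g. `// Size is needed so MemoryChunk::Contains works on the fake piece.`. Heap::FreeQueuedChunks begins before this hunk and continues after it.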
Index: src/spaces.h
diff --git a/src/spaces.h b/src/spaces.h
index
45e008c00220b9bb4baf5d49d26dc398e43bd7b6..fd9f83f89ddc48629b0d87eb3218f7a7c945ad92
100644
--- a/src/spaces.h
+++ b/src/spaces.h
@@ -504,6 +504,10 @@ class MemoryChunk {
size_t size() const { return size_; }
+ void set_size(size_t size) {
+ size_ = size;
+ }
+
Executability executable() {
return IsFlagSet(IS_EXECUTABLE) ? EXECUTABLE : NOT_EXECUTABLE;
}
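Review bot: The added public `set_size` lets any caller rewrite `size_` of a MemoryChunk without touching the underlying reservation, and nothing at the declaration says that this is only meant for the fake inner headers built in Heap::FreeQueuedChunks; a wrong `size_` on a real chunk would make `Contains` and every range check that relies on `size()` lie silently. Add a comment above the setter, e.g. `// Only for the fake inner headers created in Heap::FreeQueuedChunks; does not change the chunk's actual reservation.`, so the next reader does not take it for a general resize.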
Index: test/mozilla/mozilla.status
diff --git a/test/mozilla/mozilla.status b/test/mozilla/mozilla.status
index
7d8741c9763ddf2b82263acaea5d5fbc9402bc9a..e31a630b8a750a7811a6984acb4207ecfc7b0fa0
100644
--- a/test/mozilla/mozilla.status
+++ b/test/mozilla/mozilla.status
@@ -48,10 +48,6 @@ def FAIL_OK = FAIL, OKAY
##################### SKIPPED TESTS #####################
-# Skip one test until we figure out what is causing the regression.
-# http://code.google.com/p/v8/issues/detail?id=1817
-js1_5/Regress/regress-360969-05: SKIP
-
# This test checks that we behave properly in an out-of-memory
# situation. The test fails in V8 with an exception and takes a long
# time to do so.