Revision: 11569
Author:   [email protected]
Date:     Tue May 15 08:45:38 2012
Log:      Add zapping of Map contents in debug mode.

This zaps the contents of stale descriptor arrays and prototype
transition arrays before overwriting references to them. It should help
to discover accidental sharing early and is needed for the heap verifier
when map collection with incremental marking lands.

[email protected]
BUG=v8:1465

Review URL: https://chromiumcodereview.appspot.com/10383186
http://code.google.com/p/v8/source/detail?r=11569

Modified:
 /branches/bleeding_edge/src/objects-debug.cc
 /branches/bleeding_edge/src/objects-inl.h
 /branches/bleeding_edge/src/objects.h

=======================================
--- /branches/bleeding_edge/src/objects-debug.cc        Wed May  9 00:29:18 2012
+++ /branches/bleeding_edge/src/objects-debug.cc        Tue May 15 08:45:38 2012
@@ -990,6 +990,28 @@
     }
   }
 }
+
+
+void Map::ZapInstanceDescriptors() {
+  DescriptorArray* descriptors = instance_descriptors();
+  if (descriptors == GetHeap()->empty_descriptor_array()) return;
+  FixedArray* contents = FixedArray::cast(
+      descriptors->get(DescriptorArray::kContentArrayIndex));
+  MemsetPointer(descriptors->data_start(),
+                GetHeap()->the_hole_value(),
+                descriptors->length());
+  MemsetPointer(contents->data_start(),
+                GetHeap()->the_hole_value(),
+                contents->length());
+}
+
+
+void Map::ZapPrototypeTransitions() {
+  FixedArray* proto_transitions = prototype_transitions();
+  MemsetPointer(proto_transitions->data_start(),
+                GetHeap()->the_hole_value(),
+                proto_transitions->length());
+}


 #endif  // DEBUG
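Review bot: In ZapInstanceDescriptors the `contents` pointer has to be loaded before the first MemsetPointer, because that call fills all `descriptors->length()` slots and so appears to clear the kContentArrayIndex slot it was just read from. Nothing in the code says so, and swapping the two statements would make `FixedArray::cast` operate on the hole value. A one-line comment above the load would protect the ordering, e.g. `// Load contents first: zapping the descriptor array also clears kContentArrayIndex.` ZapPrototypeTransitions has no early return matching the empty_descriptor_array check. If prototype_transitions() can return a shared empty array, it is presumably zero-length and the memset is a no-op, but that is not visible in this hunk. Either add `if (proto_transitions == GetHeap()->empty_fixed_array()) return;` or a comment saying why the guard is unnecessary.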
=======================================
--- /branches/bleeding_edge/src/objects-inl.h   Wed May  9 00:29:18 2012
+++ /branches/bleeding_edge/src/objects-inl.h   Tue May 15 08:45:38 2012
@@ -3351,6 +3351,9 @@
   Object* object = READ_FIELD(this,
                               kInstanceDescriptorsOrBitField3Offset);
   if (!object->IsSmi()) {
+#ifdef DEBUG
+    ZapInstanceDescriptors();
+#endif
     WRITE_FIELD(
         this,
         kInstanceDescriptorsOrBitField3Offset,
@@ -3376,6 +3379,11 @@
     }
   }
   ASSERT(!is_shared());
+#ifdef DEBUG
+  if (value != instance_descriptors()) {
+    ZapInstanceDescriptors();
+  }
+#endif
   WRITE_FIELD(this, kInstanceDescriptorsOrBitField3Offset, value);
   CONDITIONAL_WRITE_BARRIER(
       heap, this, kInstanceDescriptorsOrBitField3Offset, value, mode);
@@ -3448,6 +3456,11 @@
   Heap* heap = GetHeap();
   ASSERT(value != heap->empty_fixed_array());
   value->set(kProtoTransitionBackPointerOffset, GetBackPointer());
+#ifdef DEBUG
+  if (value != prototype_transitions()) {
+    ZapPrototypeTransitions();
+  }
+#endif
   WRITE_FIELD(this, kPrototypeTransitionsOrBackPointerOffset, value);
   CONDITIONAL_WRITE_BARRIER(
       heap, this, kPrototypeTransitionsOrBackPointerOffset, value, mode);
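Review bot: The zap block must stay below `value->set(kProtoTransitionBackPointerOffset, GetBackPointer());`, and nothing in the code records that. GetBackPointer() is not shown here, but the field name kPrototypeTransitionsOrBackPointerOffset suggests it reads the back pointer out of the current transitions array, which ZapPrototypeTransitions() then fills with the hole. Moving the DEBUG block up would copy a zapped back pointer into `value`, and only in debug builds. A comment inside the `#ifdef DEBUG` would document the dependency, e.g. `// Zap only after the back pointer has been copied out of the old array.` The function's signature and closing brace lie outside the hunk.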
=======================================
--- /branches/bleeding_edge/src/objects.h       Wed May  9 07:34:27 2012
+++ /branches/bleeding_edge/src/objects.h       Tue May 15 08:45:38 2012
@@ -4855,6 +4855,14 @@
   Handle<Map> FindTransitionedMap(MapHandleList* candidates);
   Map* FindTransitionedMap(MapList* candidates);

+ // Zaps the contents of backing data structures in debug mode. Note that the
+  // heap verifier (i.e. VerifyMarkingVisitor) relies on zapping of objects
+ // holding weak references when incremental marking is used, because it also
+  // iterates over objects that are otherwise unreachable.
+#ifdef DEBUG
+  void ZapInstanceDescriptors();
+  void ZapPrototypeTransitions();
+#endif

   // Dispatched behavior.
 #ifdef OBJECT_PRINT
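Review bot: The new comment sits above `#ifdef DEBUG`, so in release builds it describes declarations that do not exist; moving it inside the guard keeps the comment and the declarations together. As rendered here, its first and third lines are indented one column less than the others (`+ // Zaps` against `+  // heap verifier`). That may be a mail artefact, but it is worth checking against the two-space style of the surrounding declarations. The comment could also state that the arrays are filled with the hole value and that callers zap before overwriting the reference, since the three call sites in objects-inl.h each repeat that pattern under their own `#ifdef DEBUG`.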
