Reviewers: danno,
Message:
PTAL
https://chromiumcodereview.appspot.com/61213012/diff/30001/src/objects.cc
File src/objects.cc (right):
https://chromiumcodereview.appspot.com/61213012/diff/30001/src/objects.cc#newcode10384
src/objects.cc:10384: it.rinfo()->set_target_object(undefined,
SKIP_WRITE_BARRIER);
We cannot put smi(0) here because the target object has to be a heap object.
Description:
Invalidate embedded objects in optimized code if it was marked for
deoptimization
because of dead embedded objects.
This avoids having dead pointers in the code from the time it is marked for
deoptimization
until it is deoptimized.
BUG=320532,v8:2996
TEST=mjsunit/regress/regress-320532.js
LOG=Y
Please review this at https://chromiumcodereview.appspot.com/61213012/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+13, -0 lines):
M src/mark-compact.cc
M src/objects.h
M src/objects.cc
Index: src/mark-compact.cc
diff --git a/src/mark-compact.cc b/src/mark-compact.cc
index
6d03d43652e81a3afd101785800eeb2358e63fde..d4eb9efdaacfb3a98f85b896f99a60cd3d548342
100644
--- a/src/mark-compact.cc
+++ b/src/mark-compact.cc
@@ -2655,6 +2655,7 @@ void
MarkCompactCollector::ClearAndDeoptimizeDependentCode(
if (IsMarked(code) && !code->marked_for_deoptimization()) {
code->set_marked_for_deoptimization(true);
+ code->InvalidateEmbeddedObjects(heap()->undefined_value());
have_code_to_deoptimize_ = true;
}
entries->clear_at(i);
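Review bot: The invalidation in `ClearAndDeoptimizeDependentCode` only runs when `!code->marked_for_deoptimization()`, so code that was already marked before this collection keeps its embedded pointers untouched. If such code can reach a GC without having been deoptimized (not visible from this hunk), its embedded objects could presumably still die and leave the stale pointers this change is meant to remove. Either state the invariant that rules this out in a comment above the `if`, or make the call independent of the flag, e.g. `if (IsMarked(code)) code->InvalidateEmbeddedObjects(heap()->undefined_value());` ahead of the existing check. The function body starts and ends outside the hunk.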
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index
6cb5e212026de06051e8d83d9000964d4e3a7ba5..6686d161c113c8768f7764dae90262f124511532
100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -10376,6 +10376,17 @@ void Code::InvalidateRelocation() {
}
+void Code::InvalidateEmbeddedObjects(Object* undefined) {
+ int mode_mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
+ for (RelocIterator it(this, mode_mask); !it.done(); it.next()) {
+ RelocInfo::Mode mode = it.rinfo()->rmode();
+ if (mode == RelocInfo::EMBEDDED_OBJECT) {
+ it.rinfo()->set_target_object(undefined, SKIP_WRITE_BARRIER);
+ }
+ }
+}
+
+
void Code::Relocate(intptr_t delta) {
for (RelocIterator it(this, RelocInfo::kApplyMask); !it.done();
it.next()) {
it.rinfo()->apply(delta);
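Review bot: `Code::InvalidateEmbeddedObjects` writes its argument with `SKIP_WRITE_BARRIER`, but the signature accepts any `Object*`, so nothing stops a later caller from passing a value for which skipping the barrier is unsafe, or a Smi, which the review comment on this line says is not a valid target object. Pin the contract at the top of the body with `ASSERT(undefined->IsUndefined());` and a comment such as `// The barrier is skipped on the assumption that |undefined| is the undefined root; the target must be a heap object, so a Smi cannot be used.` Separately, the `if (mode == RelocInfo::EMBEDDED_OBJECT)` test appears redundant, because `mode_mask` already restricts the iterator to that mode; dropping it, together with the `mode` local, removes a hint that other modes can show up. The trailing context, `Code::Relocate`, continues outside the hunk.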
Index: src/objects.h
diff --git a/src/objects.h b/src/objects.h
index
c720c440b0400d94e71afb77f612960587ce88a5..64e28934bbee769033f2e85a37c9c0978da2091d
100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -5062,6 +5062,7 @@ class Code: public HeapObject {
// [relocation_info]: Code relocation information
DECL_ACCESSORS(relocation_info, ByteArray)
void InvalidateRelocation();
+ void InvalidateEmbeddedObjects(Object* undefined);
// [handler_table]: Fixed array containing offsets of exception handlers.
DECL_ACCESSORS(handler_table, FixedArray)
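Review bot: The new declaration `InvalidateEmbeddedObjects(Object* undefined)` has no comment, and from the header alone a caller cannot tell what the argument must be or when calling it is valid. Add a comment above it, for example `// Overwrites every EMBEDDED_OBJECT reloc target with |undefined|. Intended for code already marked for deoptimization.` The precondition in the second sentence is my reading of the commit description and the single call site, so it should be confirmed. The class body continues outside the hunk.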