Revision: 19897
Author: [email protected]
Date: Thu Mar 13 14:09:18 2014 UTC
Log: Fix memory leak caused by treating Code::next_code_link as strong
in marker.
BUG=
TEST=test/cctest/NextCodeLinkIsWeak
[email protected]
Review URL: https://codereview.chromium.org/181833004
http://code.google.com/p/v8/source/detail?r=19897
Modified:
/branches/bleeding_edge/src/heap.cc
/branches/bleeding_edge/src/mark-compact.cc
/branches/bleeding_edge/src/objects-inl.h
/branches/bleeding_edge/src/objects-visiting-inl.h
/branches/bleeding_edge/src/objects-visiting.h
/branches/bleeding_edge/src/objects.h
/branches/bleeding_edge/test/cctest/test-heap.cc
=======================================
--- /branches/bleeding_edge/src/heap.cc Thu Mar 13 09:14:16 2014 UTC
+++ /branches/bleeding_edge/src/heap.cc Thu Mar 13 14:09:18 2014 UTC
@@ -4085,6 +4085,7 @@
code->set_is_crankshafted(crankshafted);
code->set_deoptimization_data(empty_fixed_array(), SKIP_WRITE_BARRIER);
code->set_raw_type_feedback_info(undefined_value());
+ code->set_next_code_link(undefined_value());
code->set_handler_table(empty_fixed_array(), SKIP_WRITE_BARRIER);
code->set_gc_metadata(Smi::FromInt(0));
code->set_ic_age(global_ic_age_);
=======================================
--- /branches/bleeding_edge/src/mark-compact.cc Mon Mar 10 19:05:43 2014 UTC
+++ /branches/bleeding_edge/src/mark-compact.cc Thu Mar 13 14:09:18 2014 UTC
@@ -1859,6 +1859,10 @@
void VisitPointers(Object** start, Object** end) {
for (Object** p = start; p < end; p++) MarkObjectByPointer(p);
}
+
+ // Skip the weak next code link in a code object, which is visited in
+ // ProcessTopOptimizedFrame.
+ void VisitNextCodeLink(Object** p) { }
private:
void MarkObjectByPointer(Object** p) {
=======================================
--- /branches/bleeding_edge/src/objects-inl.h Thu Mar 13 11:55:31 2014 UTC
+++ /branches/bleeding_edge/src/objects-inl.h Thu Mar 13 14:09:18 2014 UTC
@@ -1390,6 +1390,11 @@
void HeapObject::IteratePointer(ObjectVisitor* v, int offset) {
v->VisitPointer(reinterpret_cast<Object**>(FIELD_ADDR(this, offset)));
}
+
+
+void HeapObject::IterateNextCodeLink(ObjectVisitor* v, int offset) {
+ v->VisitNextCodeLink(reinterpret_cast<Object**>(FIELD_ADDR(this,
offset)));
+}
double HeapNumber::value() {
@@ -5685,6 +5690,7 @@
ACCESSORS(Code, handler_table, FixedArray, kHandlerTableOffset)
ACCESSORS(Code, deoptimization_data, FixedArray, kDeoptimizationDataOffset)
ACCESSORS(Code, raw_type_feedback_info, Object, kTypeFeedbackInfoOffset)
+ACCESSORS(Code, next_code_link, Object, kNextCodeLinkOffset)
void Code::WipeOutHeader() {
@@ -5711,20 +5717,6 @@
CONDITIONAL_WRITE_BARRIER(GetHeap(), this, kTypeFeedbackInfoOffset,
value, mode);
}
-
-
-Object* Code::next_code_link() {
- CHECK(kind() == OPTIMIZED_FUNCTION);
- return raw_type_feedback_info();
-}
-
-
-void Code::set_next_code_link(Object* value, WriteBarrierMode mode) {
- CHECK(kind() == OPTIMIZED_FUNCTION);
- set_raw_type_feedback_info(value);
- CONDITIONAL_WRITE_BARRIER(GetHeap(), this, kTypeFeedbackInfoOffset,
- value, mode);
-}
int Code::stub_info() {
=======================================
--- /branches/bleeding_edge/src/objects-visiting-inl.h Wed Mar 12 15:23:54
2014 UTC
+++ /branches/bleeding_edge/src/objects-visiting-inl.h Thu Mar 13 14:09:18
2014 UTC
@@ -899,6 +899,7 @@
IteratePointer(v, kHandlerTableOffset);
IteratePointer(v, kDeoptimizationDataOffset);
IteratePointer(v, kTypeFeedbackInfoOffset);
+ IterateNextCodeLink(v, kNextCodeLinkOffset);
IteratePointer(v, kConstantPoolOffset);
RelocIterator it(this, mode_mask);
@@ -933,6 +934,9 @@
StaticVisitor::VisitPointer(
heap,
reinterpret_cast<Object**>(this->address() +
kTypeFeedbackInfoOffset));
+ StaticVisitor::VisitNextCodeLink(
+ heap,
+ reinterpret_cast<Object**>(this->address() + kNextCodeLinkOffset));
StaticVisitor::VisitPointer(
heap,
reinterpret_cast<Object**>(this->address() + kConstantPoolOffset));
=======================================
--- /branches/bleeding_edge/src/objects-visiting.h Thu Jan 23 13:02:27 2014
UTC
+++ /branches/bleeding_edge/src/objects-visiting.h Thu Mar 13 14:09:18 2014
UTC
@@ -414,6 +414,8 @@
INLINE(static void VisitCodeAgeSequence(Heap* heap, RelocInfo* rinfo));
INLINE(static void VisitExternalReference(RelocInfo* rinfo)) { }
INLINE(static void VisitRuntimeEntry(RelocInfo* rinfo)) { }
+ // Skip the weak next code link in a code object.
+ INLINE(static void VisitNextCodeLink(Heap* heap, Object** slot)) { }
// TODO(mstarzinger): This should be made protected once refactoring is
done.
// Mark non-optimize code for functions inlined into the given optimized
=======================================
--- /branches/bleeding_edge/src/objects.h Thu Mar 13 12:45:12 2014 UTC
+++ /branches/bleeding_edge/src/objects.h Thu Mar 13 14:09:18 2014 UTC
@@ -1893,6 +1893,8 @@
inline void IteratePointers(ObjectVisitor* v, int start, int end);
// as above, for the single element at "offset"
inline void IteratePointer(ObjectVisitor* v, int offset);
+ // as above, for the next code link of a code object.
+ inline void IterateNextCodeLink(ObjectVisitor* v, int offset);
private:
DISALLOW_IMPLICIT_CONSTRUCTORS(HeapObject);
@@ -5229,7 +5231,6 @@
// the kind of the code object.
// FUNCTION => type feedback information.
// STUB => various things, e.g. a SMI
- // OPTIMIZED_FUNCTION => the next_code_link for optimized code list.
DECL_ACCESSORS(raw_type_feedback_info, Object)
inline Object* type_feedback_info();
inline void set_type_feedback_info(
@@ -5557,8 +5558,8 @@
kHandlerTableOffset + kPointerSize;
static const int kTypeFeedbackInfoOffset =
kDeoptimizationDataOffset + kPointerSize;
- static const int kNextCodeLinkOffset = kTypeFeedbackInfoOffset; //
Shared.
- static const int kGCMetadataOffset = kTypeFeedbackInfoOffset +
kPointerSize;
+ static const int kNextCodeLinkOffset = kTypeFeedbackInfoOffset +
kPointerSize;
+ static const int kGCMetadataOffset = kNextCodeLinkOffset + kPointerSize;
static const int kICAgeOffset =
kGCMetadataOffset + kPointerSize;
static const int kFlagsOffset = kICAgeOffset + kIntSize;
@@ -10702,6 +10703,9 @@
// Handy shorthand for visiting a single pointer.
virtual void VisitPointer(Object** p) { VisitPointers(p, p + 1); }
+
+ // Visit weak next_code_link in Code object.
+ virtual void VisitNextCodeLink(Object** p) { VisitPointers(p, p + 1); }
// To allow lazy clearing of inline caches the visitor has
// a rich interface for iterating over Code objects..
=======================================
--- /branches/bleeding_edge/test/cctest/test-heap.cc Thu Mar 13 00:20:06
2014 UTC
+++ /branches/bleeding_edge/test/cctest/test-heap.cc Thu Mar 13 14:09:18
2014 UTC
@@ -3696,6 +3696,102 @@
ASSERT(code->marked_for_deoptimization());
}
+
+
+
+static Handle<JSFunction> OptimizeDummyFunction(const char* name) {
+ char source[256];
+ snprintf(source, sizeof(source),
+ "function %s() { return 0; }"
+ "%s(); %s();"
+ "%%OptimizeFunctionOnNextCall(%s);"
+ "%s();", name, name, name, name, name);
+ CompileRun(source);
+ Handle<JSFunction> fun =
+ v8::Utils::OpenHandle(
+ *v8::Handle<v8::Function>::Cast(
+ CcTest::global()->Get(v8_str(name))));
+ return fun;
+}
+
+
+static int GetCodeChainLength(Code* code) {
+ int result = 0;
+ while (code->next_code_link()->IsCode()) {
+ result++;
+ code = Code::cast(code->next_code_link());
+ }
+ return result;
+}
+
+
+TEST(NextCodeLinkIsWeak) {
+ i::FLAG_allow_natives_syntax = true;
+ CcTest::InitializeVM();
+ Isolate* isolate = CcTest::i_isolate();
+ v8::internal::Heap* heap = CcTest::heap();
+
+ if (!isolate->use_crankshaft()) return;
+ HandleScope outer_scope(heap->isolate());
+ Handle<Code> code;
+ heap->CollectAllAvailableGarbage();
+ int code_chain_length_before, code_chain_length_after;
+ {
+ HandleScope scope(heap->isolate());
+ Handle<JSFunction> mortal = OptimizeDummyFunction("mortal");
+ Handle<JSFunction> immortal = OptimizeDummyFunction("immortal");
+ CHECK_EQ(immortal->code()->next_code_link(), mortal->code());
+ code_chain_length_before = GetCodeChainLength(immortal->code());
+ // Keep the immortal code and let the mortal code die.
+ code = scope.CloseAndEscape(Handle<Code>(immortal->code()));
+ CompileRun("mortal = null; immortal = null;");
+ }
+ heap->CollectAllAvailableGarbage();
+ // Now mortal code should be dead.
+ code_chain_length_after = GetCodeChainLength(*code);
+ CHECK_EQ(code_chain_length_before - 1, code_chain_length_after);
+}
+
+
+static Handle<Code> DummyOptimizedCode(Isolate* isolate) {
+ i::byte buffer[i::Assembler::kMinimalBufferSize];
+ MacroAssembler masm(isolate, buffer, sizeof(buffer));
+ CodeDesc desc;
+ masm.Prologue(BUILD_FUNCTION_FRAME);
+ masm.GetCode(&desc);
+ Handle<Object> undefined(isolate->heap()->undefined_value(), isolate);
+ Handle<Code> code = isolate->factory()->NewCode(
+ desc, Code::ComputeFlags(Code::OPTIMIZED_FUNCTION), undefined);
+ CHECK(code->IsCode());
+ return code;
+}
+
+
+TEST(NextCodeLinkIsWeak2) {
+ i::FLAG_allow_natives_syntax = true;
+ CcTest::InitializeVM();
+ Isolate* isolate = CcTest::i_isolate();
+ v8::internal::Heap* heap = CcTest::heap();
+
+ if (!isolate->use_crankshaft()) return;
+ HandleScope outer_scope(heap->isolate());
+ heap->CollectAllAvailableGarbage();
+ Handle<Context> context(Context::cast(heap->native_contexts_list()),
isolate);
+ Handle<Code> new_head;
+ Handle<Object> old_head(context->get(Context::OPTIMIZED_CODE_LIST),
isolate);
+ {
+ HandleScope scope(heap->isolate());
+ Handle<Code> immortal = DummyOptimizedCode(isolate);
+ Handle<Code> mortal = DummyOptimizedCode(isolate);
+ mortal->set_next_code_link(*old_head);
+ immortal->set_next_code_link(*mortal);
+ context->set(Context::OPTIMIZED_CODE_LIST, *immortal);
+ new_head = scope.CloseAndEscape(immortal);
+ }
+ heap->CollectAllAvailableGarbage();
+ // Now mortal code should be dead.
+ CHECK_EQ(*old_head, new_head->next_code_link());
+}
#ifdef DEBUG
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
