Reviewers: Hannes Payer,

Description:
Fix processing of partially initialized JSWeakCollection.

[email protected]
BUG=v8:2070
LOG=N

Please review this at https://codereview.chromium.org/300843009/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+24, -20 lines):
  M src/mark-compact.cc
  M src/objects-visiting-inl.h


Index: src/mark-compact.cc
diff --git a/src/mark-compact.cc b/src/mark-compact.cc
index 3d1af7cdb474097a1892982f148f94a6551f0528..e13a974a9dbc9f49d1efca5ea0ddac84d502dffb 100644
--- a/src/mark-compact.cc
+++ b/src/mark-compact.cc
@@ -2740,21 +2740,22 @@ void MarkCompactCollector::ProcessWeakCollections() {
 GCTracer::Scope gc_scope(tracer_, GCTracer::Scope::MC_WEAKCOLLECTION_PROCESS);
   Object* weak_collection_obj = encountered_weak_collections();
   while (weak_collection_obj != Smi::FromInt(0)) {
-    ASSERT(MarkCompactCollector::IsMarked(
-        HeapObject::cast(weak_collection_obj)));
     JSWeakCollection* weak_collection =
         reinterpret_cast<JSWeakCollection*>(weak_collection_obj);
- ObjectHashTable* table = ObjectHashTable::cast(weak_collection->table());
-    Object** anchor = reinterpret_cast<Object**>(table->address());
-    for (int i = 0; i < table->Capacity(); i++) {
- if (MarkCompactCollector::IsMarked(HeapObject::cast(table->KeyAt(i)))) {
-        Object** key_slot =
-            table->RawFieldOfElementAt(ObjectHashTable::EntryToIndex(i));
-        RecordSlot(anchor, key_slot, *key_slot);
-        Object** value_slot =
- table->RawFieldOfElementAt(ObjectHashTable::EntryToValueIndex(i));
-        MarkCompactMarkingVisitor::MarkObjectByPointer(
-            this, anchor, value_slot);
+    ASSERT(MarkCompactCollector::IsMarked(weak_collection));
+    if (weak_collection->table()->IsHashTable()) {
+ ObjectHashTable* table = ObjectHashTable::cast(weak_collection->table());
+      Object** anchor = reinterpret_cast<Object**>(table->address());
+      for (int i = 0; i < table->Capacity(); i++) {
+ if (MarkCompactCollector::IsMarked(HeapObject::cast(table->KeyAt(i)))) {
+          Object** key_slot =
+              table->RawFieldOfElementAt(ObjectHashTable::EntryToIndex(i));
+          RecordSlot(anchor, key_slot, *key_slot);
+          Object** value_slot =
+ table->RawFieldOfElementAt(ObjectHashTable::EntryToValueIndex(i));
+          MarkCompactMarkingVisitor::MarkObjectByPointer(
+              this, anchor, value_slot);
+        }
       }
     }
     weak_collection_obj = weak_collection->next();
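Review bot: The `IsHashTable()` guard added in ProcessWeakCollections has no comment explaining why the table may not be a hash table, and it skips every non-hash-table value alike, so a table field that is wrong for some other reason is ignored silently. If `ASSERT` is debug-only as usual (and the check inside `ObjectHashTable::cast` presumably is too), this guard is the only thing in release builds that keeps the loop away from a mistyped table. I would put `// A partially initialized weak collection has no hash table yet; skip it.` above the `if`, and, if the unset field is always undefined (not visible in this diff), add `else { ASSERT(weak_collection->table()->IsUndefined()); }` so other states stay loud in debug builds. The same guard in the ClearWeakCollections hunk needs the same treatment; both function bodies continue past their hunks.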
@@ -2766,14 +2767,16 @@ void MarkCompactCollector::ClearWeakCollections() {
GCTracer::Scope gc_scope(tracer_, GCTracer::Scope::MC_WEAKCOLLECTION_CLEAR);
   Object* weak_collection_obj = encountered_weak_collections();
   while (weak_collection_obj != Smi::FromInt(0)) {
-    ASSERT(MarkCompactCollector::IsMarked(
-        HeapObject::cast(weak_collection_obj)));
     JSWeakCollection* weak_collection =
         reinterpret_cast<JSWeakCollection*>(weak_collection_obj);
- ObjectHashTable* table = ObjectHashTable::cast(weak_collection->table());
-    for (int i = 0; i < table->Capacity(); i++) {
- if (!MarkCompactCollector::IsMarked(HeapObject::cast(table->KeyAt(i)))) {
-        table->RemoveEntry(i);
+    ASSERT(MarkCompactCollector::IsMarked(weak_collection));
+    if (weak_collection->table()->IsHashTable()) {
+ ObjectHashTable* table = ObjectHashTable::cast(weak_collection->table());
+      for (int i = 0; i < table->Capacity(); i++) {
+        HeapObject* key = HeapObject::cast(table->KeyAt(i));
+        if (!MarkCompactCollector::IsMarked(key)) {
+          table->RemoveEntry(i);
+        }
       }
     }
     weak_collection_obj = weak_collection->next();
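Review bot: ClearWeakCollections now names the key in a local (`HeapObject* key = HeapObject::cast(table->KeyAt(i));`) while the otherwise parallel loop in the ProcessWeakCollections hunk keeps the cast inline in the `if` condition. Writing both loops the same way, e.g. the same local followed by `if (MarkCompactCollector::IsMarked(key)) {` in ProcessWeakCollections, makes it easier to see that the marking pass and the clearing pass agree on which keys count as live. The function body continues past the end of the hunk.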
Index: src/objects-visiting-inl.h
diff --git a/src/objects-visiting-inl.h b/src/objects-visiting-inl.h
index 65c93a288bfb553ed792013c185b3896675e26d0..057b8ae99ffc3651e80b729c6f96f9335cb342a3 100644
--- a/src/objects-visiting-inl.h
+++ b/src/objects-visiting-inl.h
@@ -404,7 +404,7 @@ void StaticMarkingVisitor<StaticVisitor>::VisitWeakCollection(
       reinterpret_cast<JSWeakCollection*>(object);
   MarkCompactCollector* collector = heap->mark_compact_collector();

-  // Enqueue weak map in linked list of encountered weak maps.
+ // Enqueue weak collection in linked list of encountered weak collections.
   if (weak_collection->next() == heap->undefined_value()) {
     weak_collection->set_next(collector->encountered_weak_collections());
     collector->set_encountered_weak_collections(weak_collection);
@@ -420,6 +420,7 @@ void StaticMarkingVisitor<StaticVisitor>::VisitWeakCollection(
   STATIC_ASSERT(JSWeakCollection::kNextOffset + kPointerSize ==
       JSWeakCollection::kSize);

+ // Partially initialized weak collection is enqueued, but table is ignored.
   if (!weak_collection->table()->IsHashTable()) return;

   // Mark the backing hash table without pushing it on the marking stack.

