Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Filter left trimmer v6.x #10666

Closed
Closed
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 45 additions & 30 deletions deps/v8/src/heap/heap.cc
Original file line number Diff line number Diff line change
Expand Up @@ -3166,10 +3166,6 @@ FixedArrayBase* Heap::LeftTrimFixedArray(FixedArrayBase* object,
DCHECK(!lo_space()->Contains(object));
DCHECK(object->map() != fixed_cow_array_map());

// Ensure that the no handle-scope has more than one pointer to the same
// backing-store.
SLOW_DCHECK(CountHandlesForObject(object) <= 1);

STATIC_ASSERT(FixedArrayBase::kMapOffset == 0);
STATIC_ASSERT(FixedArrayBase::kLengthOffset == kPointerSize);
STATIC_ASSERT(FixedArrayBase::kHeaderSize == 2 * kPointerSize);
Expand Down Expand Up @@ -4804,6 +4800,49 @@ void Heap::IterateSmiRoots(ObjectVisitor* v) {
v->Synchronize(VisitorSynchronization::kSmiRootList);
}

// We cannot avoid stale handles to left-trimmed objects, but can only make
// sure all handles still needed are updated. Filter out a stale pointer
// and clear the slot to allow post processing of handles (needed because
// the sweeper might actually free the underlying page).
class FixStaleLeftTrimmedHandlesVisitor : public ObjectVisitor {
public:
explicit FixStaleLeftTrimmedHandlesVisitor(Heap* heap) : heap_(heap) {
USE(heap_);
}

void VisitPointer(Object** p) override { FixHandle(p); }

void VisitPointers(Object** start, Object** end) override {
for (Object** p = start; p < end; p++) FixHandle(p);
}

private:
inline void FixHandle(Object** p) {
HeapObject* current = reinterpret_cast<HeapObject*>(*p);
if (!current->IsHeapObject()) return;
const MapWord map_word = current->map_word();
if (!map_word.IsForwardingAddress() && current->IsFiller()) {
#ifdef DEBUG
// We need to find a FixedArrayBase map after walking the fillers.
while (current->IsFiller()) {
Address next = reinterpret_cast<Address>(current);
if (current->map() == heap_->one_pointer_filler_map()) {
next += kPointerSize;
} else if (current->map() == heap_->two_pointer_filler_map()) {
next += 2 * kPointerSize;
} else {
next += current->Size();
}
current = reinterpret_cast<HeapObject*>(next);
}
DCHECK(current->IsFixedArrayBase());
#endif // DEBUG
*p = nullptr;
}
}

Heap* heap_;
};

void Heap::IterateStrongRoots(ObjectVisitor* v, VisitMode mode) {
v->VisitPointers(&roots_[0], &roots_[kStrongRootListLength]);
Expand All @@ -4824,6 +4863,8 @@ void Heap::IterateStrongRoots(ObjectVisitor* v, VisitMode mode) {
v->Synchronize(VisitorSynchronization::kCompilationCache);

// Iterate over local handles in handle scopes.
FixStaleLeftTrimmedHandlesVisitor left_trim_visitor(this);
isolate_->handle_scope_implementer()->Iterate(&left_trim_visitor);
isolate_->handle_scope_implementer()->Iterate(v);
isolate_->IterateDeferredHandles(v);
v->Synchronize(VisitorSynchronization::kHandleScope);
Expand Down Expand Up @@ -5671,32 +5712,6 @@ void Heap::PrintHandles() {

#endif

#ifdef ENABLE_SLOW_DCHECKS

class CountHandleVisitor : public ObjectVisitor {
public:
explicit CountHandleVisitor(Object* object) : object_(object) {}

void VisitPointers(Object** start, Object** end) override {
for (Object** p = start; p < end; p++) {
if (object_ == reinterpret_cast<Object*>(*p)) count_++;
}
}

int count() { return count_; }

private:
Object* object_;
int count_ = 0;
};

int Heap::CountHandlesForObject(Object* object) {
CountHandleVisitor v(object);
isolate_->handle_scope_implementer()->Iterate(&v);
return v.count();
}
#endif

class CheckHandleCountVisitor : public ObjectVisitor {
public:
CheckHandleCountVisitor() : handle_count_(0) {}
Expand Down
3 changes: 0 additions & 3 deletions deps/v8/src/heap/heap.h
Original file line number Diff line number Diff line change
Expand Up @@ -1394,9 +1394,6 @@ class Heap {
void ReportHeapStatistics(const char* title);
void ReportCodeStatistics(const char* title);
#endif
#ifdef ENABLE_SLOW_DCHECKS
int CountHandlesForObject(Object* object);
#endif

private:
class PretenuringScope;
Expand Down
2 changes: 1 addition & 1 deletion deps/v8/src/heap/mark-compact.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1374,8 +1374,8 @@ class RootMarkingVisitor : public ObjectVisitor {
void MarkObjectByPointer(Object** p) {
if (!(*p)->IsHeapObject()) return;

// Replace flat cons strings in place.
HeapObject* object = HeapObject::cast(*p);

MarkBit mark_bit = Marking::MarkBitFrom(object);
if (Marking::IsBlackOrGrey(mark_bit)) return;

Expand Down
1 change: 1 addition & 0 deletions deps/v8/src/heap/scavenger.cc
Original file line number Diff line number Diff line change
Expand Up @@ -462,6 +462,7 @@ void ScavengeVisitor::VisitPointers(Object** start, Object** end) {
void ScavengeVisitor::ScavengePointer(Object** p) {
Object* object = *p;
if (!heap_->InNewSpace(object)) return;

Scavenger::ScavengeObject(reinterpret_cast<HeapObject**>(p),
reinterpret_cast<HeapObject*>(object));
}
Expand Down
3 changes: 1 addition & 2 deletions deps/v8/src/objects-inl.h
Original file line number Diff line number Diff line change
Expand Up @@ -1261,8 +1261,7 @@ Map* MapWord::ToMap() {
return reinterpret_cast<Map*>(value_);
}


bool MapWord::IsForwardingAddress() {
bool MapWord::IsForwardingAddress() const {
return HAS_SMI_TAG(reinterpret_cast<Object*>(value_));
}

Expand Down
2 changes: 1 addition & 1 deletion deps/v8/src/objects.h
Original file line number Diff line number Diff line change
Expand Up @@ -1476,7 +1476,7 @@ class MapWord BASE_EMBEDDED {
// True if this map word is a forwarding address for a scavenge
// collection. Only valid during a scavenge collection (specifically,
// when all map words are heap object pointers, i.e. not during a full GC).
inline bool IsForwardingAddress();
inline bool IsForwardingAddress() const;

// Create a map word from a forwarding address.
static inline MapWord FromForwardingAddress(HeapObject* object);
Expand Down
17 changes: 17 additions & 0 deletions deps/v8/test/mjsunit/regress/regress-620553.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Flags: --expose-gc

var o0 = [];
var o1 = [];
var cnt = 0;
o1.__defineGetter__(0, function() {
if (cnt++ > 2) return;
o0.shift();
gc();
o0.push(0);
o0.concat(o1);
});
o1[0];
18 changes: 18 additions & 0 deletions deps/v8/test/mjsunit/regress/regress-621869.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Flags: --expose-gc

var o0 = [];
var o1 = [];
var cnt = 0;
var only_scavenge = true;
o1.__defineGetter__(0, function() {
if (cnt++ > 2) return;
o0.shift();
gc(only_scavenge);
o0.push((64));
o0.concat(o1);
});
o1[0];