Ensure that promotion queue does not overlap with objects relocated to ToSpace.

src/heap.h

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 264 matching lines @@
 
 #ifdef DEBUG
 class HeapDebugUtils;
 #endif
 
 
 // A queue of objects promoted during scavenge. Each object is accompanied
 // by it's size to avoid dereferencing a map pointer for scanning.
 class PromotionQueue {
  public:
-  PromotionQueue() : front_(NULL), rear_(NULL) { }
+  PromotionQueue()
+      : front_(NULL), rear_(NULL), limit_(NULL), emergency_stack_(0) { }
 
-  void Initialize(Address start_address) {
+  void Initialize(NewSpace* new_space) {
     // Assumes that a NewSpacePage exactly fits a number of promotion queue
     // entries (where each is a pair of intptr_t). This allows us to simplify
     // the test fpr when to switch pages.
     ASSERT((Page::kPageSize - MemoryChunk::kBodyOffset) % (2 * kPointerSize)
            == 0);
-    ASSERT(NewSpacePage::IsAtEnd(start_address));
-    front_ = rear_ = reinterpret_cast<intptr_t*>(start_address);
+    limit_ = reinterpret_cast<intptr_t*>(new_space->ToSpaceStart());
+    front_ = rear_ = reinterpret_cast<intptr_t*>(new_space->ToSpaceEnd());
+    emergency_stack_ = NULL;
   }
 
-  bool is_empty() { return front_ == rear_; }
+  void Destroy() {
+    delete emergency_stack_;

[Erik Corry, 2011/11/07 16:35:25]

I would be more comfortable if you also nulled it.
Perhaps also assert that it is empty.

+  }
+
+  void SetNewLimit(Address limit);
+
+  bool is_empty() {
+    return (front_ == rear_) &&
+        (emergency_stack_ == NULL || emergency_stack_->length() == 0);
+  }
 
   inline void insert(HeapObject* target, int size);
 
   void remove(HeapObject** target, int* size) {
     ASSERT(!is_empty());
+    if (front_ == rear_) {
+      Entry e = emergency_stack_->RemoveLast();
+      *target = e.obj_;
+      *size = e.size_;
+      return;
+    }
+
     if (NewSpacePage::IsAtStart(reinterpret_cast<Address>(front_))) {
       NewSpacePage* front_page =
           NewSpacePage::FromAddress(reinterpret_cast<Address>(front_));
       ASSERT(!front_page->prev_page()->is_anchor());
       front_ =
           reinterpret_cast<intptr_t*>(front_page->prev_page()->body_limit());
     }
     *target = reinterpret_cast<HeapObject*>(*(--front_));
     *size = static_cast<int>(*(--front_));
     // Assert no underflow.
     SemiSpace::AssertValidRange(reinterpret_cast<Address>(rear_),
                                 reinterpret_cast<Address>(front_));
   }
 
  private:
   // The front of the queue is higher in the memory page chain than the rear.
   intptr_t* front_;
   intptr_t* rear_;
+  intptr_t* limit_;
+
+  static const int kEntrySizeInWords = 2;
+
+  struct Entry {
+    Entry(HeapObject* obj, int size) : obj_(obj), size_(size) { }
+
+    HeapObject* obj_;
+    int size_;
+  };
+  List<Entry>* emergency_stack_;
+
+  void RelocateQueueHead();
 
   DISALLOW_COPY_AND_ASSIGN(PromotionQueue);
 };
 
 
 typedef void (*ScavengingCallback)(Map* map,
                                    HeapObject** slot,
                                    HeapObject* object);
 
 
@@ skipping 2147 matching lines @@
 
   DISALLOW_IMPLICIT_CONSTRUCTORS(PathTracer);
 };
 #endif  // DEBUG || LIVE_OBJECT_LIST
 
 } }  // namespace v8::internal
 
 #undef HEAP
 
 #endif  // V8_HEAP_H_