Oilpan: introduce eager finalization.

Source/platform/heap/Heap.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 328 matching lines @@
     // Move all pages to a list of unswept pages.
     m_firstUnsweptPage = m_firstPage;
     m_firstPage = nullptr;
 }
 
 #if defined(ADDRESS_SANITIZER)
 void BaseHeap::poisonUnmarkedObjects()
 {
     // This method is called just before starting sweeping.
     // Thus all dead objects are in the list of m_firstUnsweptPage.
-    for (BasePage* page = m_firstUnsweptPage; page; page = page->next()) {
-        page->poisonUnmarkedObjects();
+    for (BasePage* page = m_firstUnsweptPage; page; page = page->next())
+        page->poisonObjects(UnmarkedOnly, SetPoison);
+}
+
+void BaseHeap::poisonHeap(Poisoning poisoning)

[haraken, 2015/06/01 08:42:52]

I'd call this function poisonUnmarkedAndMarkedObjects, in consistency with
poisonUnmarkedObjects().

[sof, 2015/06/01 14:51:36]

Addressed (see below.)

+{
+    // TODO(sof): support poisoning of all heaps.
+    ASSERT(heapIndex() == EagerSweepHeapIndex);
+    // This method is called with SetPoison just before starting sweeping
+    // of (eager) heaps. Hence, all objects will be in m_firstUnsweptPage
+    // before start.
+    if (poisoning == SetPoison) {
+        ASSERT(!m_firstPage);
+        for (BasePage* page = m_firstUnsweptPage; page; page = page->next()) {
+            page->poisonObjects(UnmarkedOrMarked, SetPoison);
+        }
+        return;
+    }
+    ASSERT(!m_firstUnsweptPage);
+    for (BasePage* page = m_firstPage; page; page = page->next()) {
+        page->poisonObjects(UnmarkedOnly, ClearPoison);

[haraken, 2015/06/01 08:42:52]

Nit: If we call the function poisonUnmarkedAndMarkedObjects, I'd use
UnmarkedOrMarked instead of UnmarkedOnly here. There would be no behavioral
difference though.

[sof, 2015/06/01 14:51:36]

There wouldn't, but that observation made me realize that we could simplify the
exposed methods. i.e., we can instead parameterize over ObjectsToPoison and only
provide one method; I've kept that named as poisonHeap().

     }
 }
 #endif
 
 Address BaseHeap::lazySweep(size_t allocationSize, size_t gcInfoIndex)
 {
     // If there are no pages to be swept, return immediately.
     if (!m_firstUnsweptPage)
         return nullptr;
 
@@ skipping 414 matching lines @@
 {
     ASSERT(allocationSize > remainingAllocationSize());
     ASSERT(allocationSize >= allocationGranularity);
 
 #if ENABLE(GC_PROFILING)
     threadState()->snapshotFreeListIfNecessary();
 #endif
 
     // 1. If this allocation is big enough, allocate a large object.
     if (allocationSize >= largeObjectSizeThreshold) {
+        // TODO(sof): support eagerly finalized large objects, if ever needed.
+        ASSERT(heapIndex() != EagerSweepHeapIndex);

[haraken, 2015/06/01 08:42:52]

I'd use RELEASE_ASSERT, since if we hit this, we'll have a real bug.

[sof, 2015/06/01 14:51:36]

switched; to the extent there's overhead, this isn't on any allocation hot path.

         LargeObjectHeap* largeObjectHeap = static_cast<LargeObjectHeap*>(threadState()->heap(LargeObjectHeapIndex));
         Address largeObject = largeObjectHeap->allocateLargeObjectPage(allocationSize, gcInfoIndex);
         ASAN_MARK_LARGE_VECTOR_CONTAINER(this, largeObject);
         return largeObject;
     }
 
     // 2. Check if we should trigger a GC.
     updateRemainingAllocationSize();
     threadState()->scheduleGCIfNeeded();
 
@@ skipping 350 matching lines @@
             // touches any other on-heap object that die at the same GC cycle.
             ASAN_UNPOISON_MEMORY_REGION(payload, payloadSize);
             header->finalize(payload, payloadSize);
             // This memory will be added to the freelist. Maintain the invariant
             // that memory on the freelist is zero filled.
             FILL_ZERO_IF_PRODUCTION(headerAddress, size);
             ASAN_POISON_MEMORY_REGION(payload, payloadSize);
             headerAddress += size;
             continue;
         }
-
         if (startOfGap != headerAddress)
             heapForNormalPage()->addToFreeList(startOfGap, headerAddress - startOfGap);
         header->unmark();
         headerAddress += header->size();
         markedObjectSize += header->size();
         startOfGap = headerAddress;
     }
     if (startOfGap != payloadEnd())
         heapForNormalPage()->addToFreeList(startOfGap, payloadEnd() - startOfGap);
 
@@ skipping 20 matching lines @@
         } else {
             header->markDead();
         }
         headerAddress += header->size();
     }
     if (markedObjectSize)
         Heap::increaseMarkedObjectSize(markedObjectSize);
 }
 
 #if defined(ADDRESS_SANITIZER)
-void NormalPage::poisonUnmarkedObjects()
+void NormalPage::poisonObjects(ObjectsToPoison objectsToPoison, Poisoning poisoning)
 {
     for (Address headerAddress = payload(); headerAddress < payloadEnd();) {
         HeapObjectHeader* header = reinterpret_cast<HeapObjectHeader*>(headerAddress);
         ASSERT(header->size() < blinkPagePayloadSize());
         // Check if a free list entry first since we cannot call
         // isMarked on a free list entry.
         if (header->isFree()) {
             headerAddress += header->size();
             continue;
         }
         header->checkHeader();
-        if (!header->isMarked()) {
-            ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+        if (objectsToPoison == UnmarkedOrMarked || !header->isMarked()) {
+            if (poisoning == SetPoison)
+                ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+            else
+                ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSize());
         }
         headerAddress += header->size();
     }
 }
 #endif
 
 void NormalPage::populateObjectStartBitMap()
 {
     memset(&m_objectStartBitMap, 0, objectStartBitMapSize);
     Address start = payload();
@@ skipping 255 matching lines @@
     HeapObjectHeader* header = heapObjectHeader();
     if (header->isMarked()) {
         header->unmark();
         Heap::increaseMarkedObjectSize(size());
     } else {
         header->markDead();
     }
 }
 
 #if defined(ADDRESS_SANITIZER)
-void LargeObjectPage::poisonUnmarkedObjects()
+void LargeObjectPage::poisonObjects(ObjectsToPoison objectsToPoison, Poisoning poisoning)
 {
     HeapObjectHeader* header = heapObjectHeader();
-    if (!header->isMarked())
-        ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+    if (objectsToPoison == UnmarkedOrMarked || !header->isMarked()) {
+        if (poisoning == SetPoison)
+            ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+        else
+            ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSize());
+    }
 }
 #endif
 
 void LargeObjectPage::checkAndMarkPointer(Visitor* visitor, Address address)
 {
     ASSERT(contains(address));
     if (!containedInObjectPayload(address) || heapObjectHeader()->isDead())
         return;
 #if ENABLE(GC_PROFILING)
     visitor->setHostInfo(&address, "stack");
@@ skipping 746 matching lines @@
 size_t Heap::s_allocatedObjectSize = 0;
 size_t Heap::s_allocatedSpace = 0;
 size_t Heap::s_markedObjectSize = 0;
 // We don't want to use 0 KB for the initial value because it may end up
 // triggering the first GC of some thread too prematurely.
 size_t Heap::s_estimatedLiveObjectSize = 512 * 1024;
 size_t Heap::s_externalObjectSizeAtLastGC = 0;
 double Heap::s_estimatedMarkingTimePerByte = 0.0;
 
 } // namespace blink