Oilpan: introduce eager finalization.

Source/platform/heap/Heap.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 338 matching lines @@
 {
     ASSERT(!threadState()->isInGC());
     ASSERT(!m_firstUnsweptPage);
 
     // Move all pages to a list of unswept pages.
     m_firstUnsweptPage = m_firstPage;
     m_firstPage = nullptr;
 }
 
 #if defined(ADDRESS_SANITIZER)
-void BaseHeap::poisonUnmarkedObjects()
+void BaseHeap::poisonHeap(ObjectsToPoison objectsToPoison, Poisoning poisoning)
 {
-    // This method is called just before starting sweeping.
-    // Thus all dead objects are in the list of m_firstUnsweptPage.
-    for (BasePage* page = m_firstUnsweptPage; page; page = page->next()) {
-        page->poisonUnmarkedObjects();
+    // TODO(sof): support complete poisoning of all heaps.
+    ASSERT(objectsToPoison != MarkedAndUnmarked || heapIndex() == EagerSweepHeapIndex);
+
+    // This method may either be called to poison (SetPoison) heap
+    // object payloads prior to sweeping, or it may be called at
+    // the completion of a sweep to unpoison (ClearPoison) the
+    // objects remaining in the heap. Those will all be live and unmarked.
+    //
+    // Poisoning may be limited to unmarked objects only, or apply to all.
+    if (poisoning == SetPoison) {
+        ASSERT(!m_firstPage);
+        for (BasePage* page = m_firstUnsweptPage; page; page = page->next())
+            page->poisonObjects(objectsToPoison, poisoning);
+        return;
     }
+    // Support clearing of poisoning after sweeping has completed,
+    // in which case the pages of the live objects are reachable
+    // via m_firstPage.
+    ASSERT(!m_firstUnsweptPage);
+    for (BasePage* page = m_firstPage; page; page = page->next())
+        page->poisonObjects(objectsToPoison, poisoning);
 }
 #endif
 
 Address BaseHeap::lazySweep(size_t allocationSize, size_t gcInfoIndex)
 {
     // If there are no pages to be swept, return immediately.
     if (!m_firstUnsweptPage)
         return nullptr;
 
     RELEASE_ASSERT(threadState()->isSweepingInProgress());
@@ skipping 413 matching lines @@
 {
     ASSERT(allocationSize > remainingAllocationSize());
     ASSERT(allocationSize >= allocationGranularity);
 
 #if ENABLE(GC_PROFILING)
     threadState()->snapshotFreeListIfNecessary();
 #endif
 
     // 1. If this allocation is big enough, allocate a large object.
     if (allocationSize >= largeObjectSizeThreshold) {
+        // TODO(sof): support eagerly finalized large objects, if ever needed.
+        RELEASE_ASSERT(heapIndex() != EagerSweepHeapIndex);
         LargeObjectHeap* largeObjectHeap = static_cast<LargeObjectHeap*>(threadState()->heap(LargeObjectHeapIndex));
         Address largeObject = largeObjectHeap->allocateLargeObjectPage(allocationSize, gcInfoIndex);
         ASAN_MARK_LARGE_VECTOR_CONTAINER(this, largeObject);
         return largeObject;
     }
 
     // 2. Check if we should trigger a GC.
     updateRemainingAllocationSize();
     threadState()->scheduleGCIfNeeded();
 
@@ skipping 350 matching lines @@
             // touches any other on-heap object that die at the same GC cycle.
             ASAN_UNPOISON_MEMORY_REGION(payload, payloadSize);
             header->finalize(payload, payloadSize);
             // This memory will be added to the freelist. Maintain the invariant
             // that memory on the freelist is zero filled.
             FILL_ZERO_IF_PRODUCTION(headerAddress, size);
             ASAN_POISON_MEMORY_REGION(payload, payloadSize);
             headerAddress += size;
             continue;
         }
-
         if (startOfGap != headerAddress)
             heapForNormalPage()->addToFreeList(startOfGap, headerAddress - startOfGap);
         header->unmark();
         headerAddress += header->size();
         markedObjectSize += header->size();
         startOfGap = headerAddress;
     }
     if (startOfGap != payloadEnd())
         heapForNormalPage()->addToFreeList(startOfGap, payloadEnd() - startOfGap);
 
@@ skipping 20 matching lines @@
         } else {
             header->markDead();
         }
         headerAddress += header->size();
     }
     if (markedObjectSize)
         Heap::increaseMarkedObjectSize(markedObjectSize);
 }
 
 #if defined(ADDRESS_SANITIZER)
-void NormalPage::poisonUnmarkedObjects()
+void NormalPage::poisonObjects(ObjectsToPoison objectsToPoison, Poisoning poisoning)
 {
     for (Address headerAddress = payload(); headerAddress < payloadEnd();) {
         HeapObjectHeader* header = reinterpret_cast<HeapObjectHeader*>(headerAddress);
         ASSERT(header->size() < blinkPagePayloadSize());
         // Check if a free list entry first since we cannot call
         // isMarked on a free list entry.
         if (header->isFree()) {
             headerAddress += header->size();
             continue;
         }
         header->checkHeader();
-        if (!header->isMarked()) {
-            ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+        if (objectsToPoison == MarkedAndUnmarked || !header->isMarked()) {
+            if (poisoning == SetPoison)
+                ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+            else
+                ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSize());
         }
         headerAddress += header->size();
     }
 }
 #endif
 
 void NormalPage::populateObjectStartBitMap()
 {
     memset(&m_objectStartBitMap, 0, objectStartBitMapSize);
     Address start = payload();
@@ skipping 255 matching lines @@
     HeapObjectHeader* header = heapObjectHeader();
     if (header->isMarked()) {
         header->unmark();
         Heap::increaseMarkedObjectSize(size());
     } else {
         header->markDead();
     }
 }
 
 #if defined(ADDRESS_SANITIZER)
-void LargeObjectPage::poisonUnmarkedObjects()
+void LargeObjectPage::poisonObjects(ObjectsToPoison objectsToPoison, Poisoning poisoning)
 {
     HeapObjectHeader* header = heapObjectHeader();
-    if (!header->isMarked())
-        ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+    if (objectsToPoison == MarkedAndUnmarked || !header->isMarked()) {
+        if (poisoning == SetPoison)
+            ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+        else
+            ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSize());
+    }
 }
 #endif
 
 void LargeObjectPage::checkAndMarkPointer(Visitor* visitor, Address address)
 {
     ASSERT(contains(address));
     if (!containedInObjectPayload(address) || heapObjectHeader()->isDead())
         return;
 #if ENABLE(GC_PROFILING)
     visitor->setHostInfo(&address, "stack");
@@ skipping 745 matching lines @@
 size_t Heap::s_allocatedObjectSize = 0;
 size_t Heap::s_allocatedSpace = 0;
 size_t Heap::s_markedObjectSize = 0;
 // We don't want to use 0 KB for the initial value because it may end up
 // triggering the first GC of some thread too prematurely.
 size_t Heap::s_estimatedLiveObjectSize = 512 * 1024;
 size_t Heap::s_externalObjectSizeAtLastGC = 0;
 double Heap::s_estimatedMarkingTimePerByte = 0.0;
 
 } // namespace blink