Oilpan: introduce eager finalization.

Source/platform/heap/Heap.cpp

Index: Source/platform/heap/Heap.cpp
diff --git a/Source/platform/heap/Heap.cpp b/Source/platform/heap/Heap.cpp
index d1f421585fb0f096e10c0b5788c4f529fdfcdc4b..9d4ebb3a7316054ec38195e8619df721168de7cd 100644
--- a/Source/platform/heap/Heap.cpp
+++ b/Source/platform/heap/Heap.cpp
@@ -334,7 +334,24 @@ void BaseHeap::poisonUnmarkedObjects()
     // This method is called just before starting sweeping.
     // Thus all dead objects are in the list of m_firstUnsweptPage.
     for (BasePage* page = m_firstUnsweptPage; page; page = page->next()) {
-        page->poisonUnmarkedObjects();
+        page->poisonObjects(BasePage::UnmarkedOnly, BasePage::SetPoison);
+    }
+}
+
+void BaseHeap::poisonHeap(bool setPoison)

[haraken, 2015/05/28 12:30:04]

poisonHeap => poisonEagerHeap

I'd use SetPoison/ClearPoison instead of bool.

[sof, 2015/05/29 21:25:07]

Moved enums around to make that possible.

Keeping it as poisonHeap(), for reasons mentioned below.

+{
+    ASSERT(heapIndex() == EagerSweepHeapIndex);
+    // This method is called just before starting sweeping
+    // of eager heaps. Hence, all objects will be in
+    // m_firstUnsweptPage before start.
+    if (setPoison) {
+        for (BasePage* page = m_firstUnsweptPage; page; page = page->next()) {

[haraken, 2015/05/28 12:30:04]

Add ASSERT(!m_firstPage).

[sof, 2015/05/29 21:25:07]

Done.

+            page->poisonObjects(BasePage::UnmarkedOrMarked, BasePage::SetPoison);

[haraken, 2015/05/28 12:30:04]

Why do we need to poison marked objects? I'm ok with this, but I'm wondering why
we need it because we're not poisoning marked objects for other heaps.

[sof, 2015/05/29 21:25:07]

You're not allowed to touch other eagerly finalized objects. By poisoning the
live objects also, we catch not only accesses to other eagerly finalized objects
that happen to have been finalized already, but all.

This wouldn't work for lazy sweeping, as the mutator gains access to the live
objects earlier, but I believe we can do something similar for 'normal' complete
sweeps of the other heaps also. That's why I would prefer to keep this named
poisonHeap().

(This follows up the suggestion made in
https://codereview.chromium.org/1159583002/#msg14 )

+        }
+        return;
+    }
+    for (BasePage* page = m_firstPage; page; page = page->next()) {
+        page->poisonObjects(BasePage::UnmarkedOnly, BasePage::ClearPoison);

[haraken, 2015/05/28 12:30:04]

Who unpoisons the marked objects that have been poisoned at line 349?

[sof, 2015/05/29 21:25:07]

This very loop when poisonHeap() is called on the eager heap afterwards to clear
the poisoning. The live objects have all been unmarked at this stage.

     }
 }
 #endif
@@ -769,6 +786,8 @@ Address NormalPageHeap::outOfLineAllocate(size_t allocationSize, size_t gcInfoIn
 
     // 1. If this allocation is big enough, allocate a large object.
     if (allocationSize >= largeObjectSizeThreshold) {
+        // TODO(sof): support eagerly finalized large objects, if ever needed.
+        ASSERT(heapIndex() != EagerSweepHeapIndex);
         LargeObjectHeap* largeObjectHeap = static_cast<LargeObjectHeap*>(threadState()->heap(LargeObjectHeapIndex));
         Address largeObject = largeObjectHeap->allocateLargeObjectPage(allocationSize, gcInfoIndex);
         ASAN_MARK_LARGE_VECTOR_CONTAINER(this, largeObject);
@@ -1139,7 +1158,6 @@ void NormalPage::sweep()
             headerAddress += size;
             continue;
         }
-
         if (startOfGap != headerAddress)
             heapForNormalPage()->addToFreeList(startOfGap, headerAddress - startOfGap);
         header->unmark();
@@ -1180,7 +1198,7 @@ void NormalPage::markUnmarkedObjectsDead()
 }
 
 #if defined(ADDRESS_SANITIZER)
-void NormalPage::poisonUnmarkedObjects()
+void NormalPage::poisonObjects(ObjectsToPoison objectsToPoison, Poisoning poisoning)
 {
     for (Address headerAddress = payload(); headerAddress < payloadEnd();) {
         HeapObjectHeader* header = reinterpret_cast<HeapObjectHeader*>(headerAddress);
@@ -1192,8 +1210,11 @@ void NormalPage::poisonUnmarkedObjects()
             continue;
         }
         header->checkHeader();
-        if (!header->isMarked()) {
-            ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+        if (objectsToPoison == UnmarkedOrMarked || !header->isMarked()) {
+            if (poisoning == SetPoison)
+                ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+            else
+                ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSize());
         }
         headerAddress += header->size();
     }
@@ -1469,11 +1490,15 @@ void LargeObjectPage::markUnmarkedObjectsDead()
 }
 
 #if defined(ADDRESS_SANITIZER)
-void LargeObjectPage::poisonUnmarkedObjects()
+void LargeObjectPage::poisonObjects(ObjectsToPoison objectsToPoison, Poisoning poisoning)
 {
     HeapObjectHeader* header = heapObjectHeader();
-    if (!header->isMarked())
-        ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+    if (objectsToPoison == UnmarkedOrMarked || !header->isMarked()) {
+        if (poisoning == BasePage::SetPoison)
+            ASAN_POISON_MEMORY_REGION(header->payload(), header->payloadSize());
+        else
+            ASAN_UNPOISON_MEMORY_REGION(header->payload(), header->payloadSize());
+    }
 }
 #endif