Chromium Code Reviews
Unified Diff: src/objects-visiting-inl.h

Issue 144003007: Always record all the slots of descriptor arrays to avoid crashes due to (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Only record the slots once Created 6 years, 11 months ago
Index: src/objects-visiting-inl.h
diff --git a/src/objects-visiting-inl.h b/src/objects-visiting-inl.h
index 5201a7b3180ecd2a8ad593f2b68aebc53e5bfa7a..4e7771b3302f1c4358a30b30cb9b4612d6612932 100644
--- a/src/objects-visiting-inl.h
+++ b/src/objects-visiting-inl.h
@@ -628,8 +628,23 @@ void StaticMarkingVisitor<StaticVisitor>::MarkMapContents(
// holding the descriptor array will be implicitly recorded when the pointer
// fields of this map are visited.
DescriptorArray* descriptors = map->instance_descriptors();
+ MarkCompactCollector* collector = heap->mark_compact_collector();
+
Michael Starzinger 2014/01/21 18:07:41 nit: Please drop the empty newline. The comment ab
if (StaticVisitor::MarkObjectWithoutPush(heap, descriptors) &&
descriptors->length() > 0) {
+ // Record all keys and values in the descriptor array to ensure that they
+ // are updated if they are on evacuation candidates and are alive, but the
+ // descriptor array is not yet installed in the map that's adding the
+ // descriptors.
+ for (int i = 0; i < descriptors->number_of_descriptors(); i++) {
+ Object** key_slot = descriptors->GetKeySlot(i);
+ ASSERT((*key_slot)->IsHeapObject());
+ collector->RecordSlot(key_slot, key_slot, *key_slot);
+ Object** value_slot = descriptors->GetValueSlot(i);
+ if ((*value_slot)->IsHeapObject()) {
+ collector->RecordSlot(value_slot, value_slot, *value_slot);
+ }
+ }
StaticVisitor::VisitPointers(heap,
Michael Starzinger 2014/01/21 18:07:41 Can we move the visiting of the header slots to be
descriptors->GetFirstElementAddress(),
descriptors->GetDescriptorEndSlot(0));
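Review bot: The recording loop at `for (int i = 0; i < descriptors->number_of_descriptors(); i++)` sits under the `StaticVisitor::MarkObjectWithoutPush(heap, descriptors)` guard, so only the first map that marks a shared descriptor array records its slots; the comment above the loop should state this explicitly, because the "Only record the slots once" behaviour the patch set title promises depends entirely on that guard and a reader will otherwise suspect every map sharing the array repeats the recording. The loop also re-reads `number_of_descriptors()` and re-derives the slots on every iteration; hoisting the count into a local keeps it in step with the later range-based marking over `GetDescriptorStartSlot(start)`/`GetDescriptorEndSlot(end)`. The asymmetry between keys (`ASSERT((*key_slot)->IsHeapObject())`) and values (`if ((*value_slot)->IsHeapObject())`) is correct but deserves a one-line comment saying values may be Smis.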
@@ -640,6 +655,13 @@ void StaticMarkingVisitor<StaticVisitor>::MarkMapContents(
StaticVisitor::VisitPointers(heap,
Michael Starzinger 2014/01/21 18:07:41 The call to VisitPointers here is obsolete.
descriptors->GetDescriptorStartSlot(start),
descriptors->GetDescriptorEndSlot(end));
+ for (Object** p = descriptors->GetDescriptorStartSlot(start);
+ p < descriptors->GetDescriptorEndSlot(end);
+ p++) {
+ if ((*p)->IsHeapObject()) {
+ StaticVisitor::MarkObject(heap, HeapObject::cast(*p));
+ }
+ }
}
// Mark prototype dependent codes array but do not push it onto marking
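Review bot: The new loop over `descriptors->GetDescriptorStartSlot(start)` to `GetDescriptorEndSlot(end)` marks exactly the range the preceding `StaticVisitor::VisitPointers(heap, ...)` already visits, so the two do duplicate work; given that the whole array's slots are now recorded unconditionally earlier in this function, either the `VisitPointers` call should go (as the inline comment says it is obsolete) or the loop should, not both kept. If the loop stays, compute `Object** end = descriptors->GetDescriptorEndSlot(end)` once instead of re-evaluating it in the `p < ...` condition each iteration, and note in a comment that `MarkObject` here deliberately marks without recording because recording was done above.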
@@ -647,7 +669,7 @@ void StaticMarkingVisitor<StaticVisitor>::MarkMapContents(
// codes when we iterate over maps in ClearNonLiveTransitions.
Object** slot = HeapObject::RawField(map, Map::kDependentCodeOffset);
HeapObject* obj = HeapObject::cast(*slot);
- heap->mark_compact_collector()->RecordSlot(slot, slot, obj);
+ collector->RecordSlot(slot, slot, obj);
StaticVisitor::MarkObjectWithoutPush(heap, obj);
// Mark the pointer fields of the Map. Since the transitions array has
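Review bot: `collector->RecordSlot(slot, slot, obj)` depends on the `MarkCompactCollector* collector` local introduced in the first hunk of this function; if the recording loop there is later reworked or reverted, this line must not be left pointing at a vanished local, so declare `collector` directly beside `DescriptorArray* descriptors = map->instance_descriptors();` (without the blank line the reviewer already flagged) so the dependency is visible at a glance.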