Oilpan: Discard unused system pages when sweeping NormalPageHeaps

third_party/WebKit/Source/platform/heap/HeapPage.cpp

Index: third_party/WebKit/Source/platform/heap/HeapPage.cpp
diff --git a/third_party/WebKit/Source/platform/heap/HeapPage.cpp b/third_party/WebKit/Source/platform/heap/HeapPage.cpp
index 637100d5f8eb42d30327a9ce160010aaeeb1702a..b48a6664253a2995b5cae78020a84df58da1e716 100644
--- a/third_party/WebKit/Source/platform/heap/HeapPage.cpp
+++ b/third_party/WebKit/Source/platform/heap/HeapPage.cpp
@@ -99,8 +99,17 @@ void HeapObjectHeader::zapMagic()
 void HeapObjectHeader::finalize(Address object, size_t objectSize)
 {
     const GCInfo* gcInfo = Heap::gcInfo(gcInfoIndex());
-    if (gcInfo->hasFinalizer())
+    if (!gcInfo) {
+        fprintf(stderr, "gcInfoIndex = %ld\n", gcInfoIndex());
+        RELEASE_ASSERT(0);
+    }
+    fprintf(stderr, "header=%p gcInfo=%p index=%ld\n", this, gcInfo, gcInfoIndex());
+    if (gcInfo->hasFinalizer()) {

[haraken, 2016/02/08 08:34:56]

I crash here with the following log:

header=0x307fed8420b0 gcInfo=0x40bda50 index=279
not hasFinalizer
header=0x307fed8420d8 gcInfo=0x40bda50 index=279
not hasFinalizer
header=0x307fed842100 gcInfo=0x40bda50 index=279
not hasFinalizer
header=0x307fed842128 gcInfo=0x40bda50 index=279
not hasFinalizer
header=0x307fed842150 gcInfo=0x40bda50 index=279
not hasFinalizer
header=0x307fed842188 gcInfo=0x40bda50 index=279
not hasFinalizer
trying to discard 0x307fed841d80 - 0x307fed846b98
discarded 307fed842000 - 307fed846000 size=16384
trying to discard 0x307fed846be8 - 0x307fed846d38
trying to discard 0x307fed846d88 - 0x307fed846fb0
header=0x307fed847000 gcInfo=0x3333333333333333 index=0

This means that the header at 0x307fed847000 has been already cleared out.
However, the previous discarding was conducted for [307fed842000, 307fed846000),
which doesn't contain 0x307fed847000. It's strange that 0x307fed847000 is
cleared out...

+        fprintf(stderr, "hasFinalizer\n");
         gcInfo->m_finalize(object);
+    } else {
+        fprintf(stderr, "not hasFinalizer\n");
+    }
 
     ASAN_RETIRE_CONTAINER_ANNOTATION(object, objectSize);
 }
@@ -1104,19 +1113,32 @@ void NormalPage::removeFromHeap()
     heapForNormalPage()->freePage(this);
 }
 
+#if !ENABLE(ASSERT) && !defined(LEAK_SANITIZER) && !defined(ADDRESS_SANITIZER)
+static void discardPages(Address begin, Address end)
+{
+    uintptr_t beginAddress = WTF::roundUpToSystemPage(reinterpret_cast<uintptr_t>(begin));
+    uintptr_t endAddress = WTF::roundDownToSystemPage(reinterpret_cast<uintptr_t>(end));
+    fprintf(stderr, "trying to discard %p - %p\n", begin, end);
+    if (beginAddress < endAddress) {
+        WTF::discardSystemPages(reinterpret_cast<void*>(beginAddress), endAddress - beginAddress);
+        fprintf(stderr, "discarded %lx - %lx size=%ld\n", beginAddress, endAddress, endAddress - beginAddress);
+    }
+}
+#endif
+
 void NormalPage::sweep()
 {
     size_t markedObjectSize = 0;
     Address startOfGap = payload();
     for (Address headerAddress = startOfGap; headerAddress < payloadEnd(); ) {
         HeapObjectHeader* header = reinterpret_cast<HeapObjectHeader*>(headerAddress);
-        ASSERT(header->size() > 0);
-        ASSERT(header->size() < blinkPagePayloadSize());
+        size_t size = header->size();
+        ASSERT(size > 0);
+        ASSERT(size < blinkPagePayloadSize());
 
         if (header->isPromptlyFreed())
-            heapForNormalPage()->decreasePromptlyFreedSize(header->size());
+            heapForNormalPage()->decreasePromptlyFreedSize(size);
         if (header->isFree()) {
-            size_t size = header->size();
             // Zero the memory in the free list header to maintain the
             // invariant that memory on the free list is zero filled.
             // The rest of the memory is already on the free list and is
@@ -1129,7 +1151,6 @@ void NormalPage::sweep()
         ASSERT(header->checkHeader());
 
         if (!header->isMarked()) {
-            size_t size = header->size();
             // This is a fast version of header->payloadSize().
             size_t payloadSize = size - sizeof(HeapObjectHeader);
             Address payload = header->payload();
@@ -1146,15 +1167,23 @@ void NormalPage::sweep()
             headerAddress += size;
             continue;
         }
-        if (startOfGap != headerAddress)
+        if (startOfGap != headerAddress) {
             heapForNormalPage()->addToFreeList(startOfGap, headerAddress - startOfGap);
+#if !ENABLE(ASSERT) && !defined(LEAK_SANITIZER) && !defined(ADDRESS_SANITIZER)
+            discardPages(startOfGap, headerAddress);
+#endif
+        }
         header->unmark();
-        headerAddress += header->size();
-        markedObjectSize += header->size();
+        headerAddress += size;
+        markedObjectSize += size;
         startOfGap = headerAddress;
     }
-    if (startOfGap != payloadEnd())
+    if (startOfGap != payloadEnd()) {
         heapForNormalPage()->addToFreeList(startOfGap, payloadEnd() - startOfGap);
+#if !ENABLE(ASSERT) && !defined(LEAK_SANITIZER) && !defined(ADDRESS_SANITIZER)
+        discardPages(startOfGap, payloadEnd());
+#endif
+    }
 
     if (markedObjectSize)
         Heap::increaseMarkedObjectSize(markedObjectSize);