Chromium Code Reviews Chromium Code Reviews
Issue 1701963003:
Filter invalid slots after array trimming. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2016 the V8 project authors. All rights reserved. | 1 // Copyright 2016 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef V8_SLOT_SET_H | 5 #ifndef V8_SLOT_SET_H |
| 6 #define V8_SLOT_SET_H | 6 #define V8_SLOT_SET_H |
| 7 | 7 |
| 8 #include "src/allocation.h" | 8 #include "src/allocation.h" |
| 9 #include "src/base/bits.h" | 9 #include "src/base/bits.h" |
| 10 | 10 |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 67 int start_bucket, start_cell, start_bit; | 67 int start_bucket, start_cell, start_bit; |
| 68 SlotToIndices(start_offset, &start_bucket, &start_cell, &start_bit); | 68 SlotToIndices(start_offset, &start_bucket, &start_cell, &start_bit); |
| 69 int end_bucket, end_cell, end_bit; | 69 int end_bucket, end_cell, end_bit; |
| 70 SlotToIndices(end_offset, &end_bucket, &end_cell, &end_bit); | 70 SlotToIndices(end_offset, &end_bucket, &end_cell, &end_bit); |
| 71 uint32_t start_mask = (1u << start_bit) - 1; | 71 uint32_t start_mask = (1u << start_bit) - 1; |
| 72 uint32_t end_mask = ~((1u << end_bit) - 1); | 72 uint32_t end_mask = ~((1u << end_bit) - 1); |
| 73 if (start_bucket == end_bucket && start_cell == end_cell) { | 73 if (start_bucket == end_bucket && start_cell == end_cell) { |
| 74 MaskCell(start_bucket, start_cell, start_mask | end_mask); | 74 MaskCell(start_bucket, start_cell, start_mask | end_mask); |
| 75 return; | 75 return; |
| 76 } | 76 } |
| 77 MaskCell(start_bucket, start_cell, start_mask); | 77 uint32_t current_bucket = start_bucket; |
|
ulan
2016/02/16 19:42:25
Rewrote these parts to make invariants more obviou
| |
| 78 start_cell++; | 78 uint32_t current_cell = start_cell; |
| 79 if (bucket[start_bucket] != nullptr && start_bucket < end_bucket) { | 79 MaskCell(current_bucket, current_cell, start_mask); |
| 80 while (start_cell < kCellsPerBucket) { | 80 current_cell++; |
| 81 bucket[start_bucket][start_cell] = 0; | 81 if (bucket[current_bucket] != nullptr && current_bucket < end_bucket) { |
| 82 start_cell++; | 82 while (current_cell < kCellsPerBucket) { |
| 83 bucket[current_bucket][current_cell] = 0; | |
| 84 current_cell++; | |
| 83 } | 85 } |
| 86 // The current bucket is cleared. Move on to the next bucket. | |
| 87 current_bucket++; | |
| 88 current_cell = 0; | |
|
ulan
2016/02/16 19:42:25
This was the bug in this function.
| |
| 84 } | 89 } |
| 85 while (start_bucket < end_bucket) { | 90 DCHECK(current_bucket == end_bucket || |
| 86 delete[] bucket[start_bucket]; | 91 (current_bucket < end_bucket && current_cell == 0)); |
| 87 bucket[start_bucket] = nullptr; | 92 while (current_bucket < end_bucket) { |
| 88 start_bucket++; | 93 delete[] bucket[current_bucket]; |
| 94 bucket[current_bucket] = nullptr; | |
| 95 current_bucket++; | |
| 89 } | 96 } |
| 90 if (start_bucket < kBuckets && bucket[start_bucket] != nullptr) { | 97 // All buckets between start_bucket and end_bucket are cleared. |
| 91 while (start_cell < end_cell) { | 98 DCHECK(current_bucket == end_bucket && current_cell <= end_cell); |
| 92 bucket[start_bucket][start_cell] = 0; | 99 if (current_bucket == kBuckets || bucket[current_bucket] == nullptr) { |
| 93 start_cell++; | 100 return; |
| 94 } | |
| 95 } | 101 } |
| 96 if (end_bucket < kBuckets) { | 102 while (current_cell < end_cell) { |
| 97 MaskCell(end_bucket, end_cell, end_mask); | 103 bucket[current_bucket][current_cell] = 0; |
| 104 current_cell++; | |
| 98 } | 105 } |
| 106 // All cells between start_cell and end_cell are cleared. | |
| 107 DCHECK(current_bucket == end_bucket && current_cell == end_cell); | |
| 108 MaskCell(end_bucket, end_cell, end_mask); | |
| 99 } | 109 } |
| 100 | 110 |
| 101 // The slot offset specifies a slot at address page_start_ + slot_offset. | 111 // The slot offset specifies a slot at address page_start_ + slot_offset. |
| 102 bool Lookup(int slot_offset) { | 112 bool Lookup(int slot_offset) { |
| 103 int bucket_index, cell_index, bit_index; | 113 int bucket_index, cell_index, bit_index; |
| 104 SlotToIndices(slot_offset, &bucket_index, &cell_index, &bit_index); | 114 SlotToIndices(slot_offset, &bucket_index, &cell_index, &bit_index); |
| 105 if (bucket[bucket_index] != nullptr) { | 115 if (bucket[bucket_index] != nullptr) { |
| 106 uint32_t cell = bucket[bucket_index][cell_index]; | 116 uint32_t cell = bucket[bucket_index][cell_index]; |
| 107 return (cell & (1u << bit_index)) != 0; | 117 return (cell & (1u << bit_index)) != 0; |
| 108 } | 118 } |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 198 } | 208 } |
| 199 | 209 |
| 200 uint32_t* bucket[kBuckets]; | 210 uint32_t* bucket[kBuckets]; |
| 201 Address page_start_; | 211 Address page_start_; |
| 202 }; | 212 }; |
| 203 | 213 |
| 204 } // namespace internal | 214 } // namespace internal |
| 205 } // namespace v8 | 215 } // namespace v8 |
| 206 | 216 |
| 207 #endif // V8_SLOT_SET_H | 217 #endif // V8_SLOT_SET_H |
| OLD | NEW |
