src/heap/heap.cc - Issue 1701963003: Filter invalid slots after array trimming.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/heap/heap.cc

Issue 1701963003: Filter invalid slots after array trimming. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/heap/heap.cc

diff --git a/src/heap/heap.cc b/src/heap/heap.cc

index 287a93627e652722a2cf18410cabf7b34c8e2ec1..d2ae97da85788de26a4a5adecb2055bb08f5fcab 100644

--- a/src/heap/heap.cc

+++ b/src/heap/heap.cc

@@ -3144,6 +3144,11 @@ FixedArrayBase* Heap::LeftTrimFixedArray(FixedArrayBase* object,

// Maintain consistency of live bytes during incremental marking

Marking::TransferMark(this, object->address(), new_start);

+ if (mark_compact_collector()->sweeping_in_progress()) {

+ // Array trimming during sweeping can add invalid slots in free list.

+ ClearRecordedSlotRange(object, former_start,

+ HeapObject::RawField(new_object, 0));

+ }

AdjustLiveBytes(new_object, -bytes_to_trim, Heap::CONCURRENT_TO_SWEEPER);

// Notify the heap profiler of change in object layout.

@@ -3193,7 +3198,8 @@ void Heap::RightTrimFixedArray(FixedArrayBase* object, int elements_to_trim) {

}

// Calculate location of new array end.

- Address new_end = object->address() + object->Size() - bytes_to_trim;

+ Address old_end = object->address() + object->Size();

+ Address new_end = old_end - bytes_to_trim;

// Technically in new space this write might be omitted (except for

// debug mode which iterates through the heap), but to play safer

@@ -3203,6 +3209,11 @@ void Heap::RightTrimFixedArray(FixedArrayBase* object, int elements_to_trim) {

// of the object changed significantly.

if (!lo_space()->Contains(object)) {

CreateFillerObjectAt(new_end, bytes_to_trim);

+ if (mark_compact_collector()->sweeping_in_progress()) {

+ // Array trimming during sweeping can add invalid slots in free list.

+ ClearRecordedSlotRange(object, reinterpret_cast<Object**>(new_end),

+ reinterpret_cast<Object**>(old_end));

+ }

}

// Initialize header of the trimmed array. We are storing the new length

@@ -5533,6 +5544,18 @@ void Heap::ClearRecordedSlot(HeapObject* object, Object** slot) {

}

+void Heap::ClearRecordedSlotRange(HeapObject* object, Object** start,

+ Object** end) {

+ if (!InNewSpace(object)) {

+ store_buffer()->MoveEntriesToRememberedSet();

+ Address start_addr = reinterpret_cast<Address>(start);

+ Address end_addr = reinterpret_cast<Address>(end);

+ Page* page = Page::FromAddress(start_addr);

+ DCHECK_EQ(page->owner()->identity(), OLD_SPACE);

+ RememberedSet<OLD_TO_NEW>::RemoveRange(page, start_addr, end_addr);

+ }

Space* AllSpaces::next() {

switch (counter_++) {

case NEW_SPACE:

« no previous file with comments | « src/heap/heap.h ('k') | src/heap/remembered-set.h » ('j') | src/heap/slot-set.h » ('J')