src/heap/slot-set.h - Issue 1701963003: Filter invalid slots after array trimming.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/heap/slot-set.h

Issue 1701963003: Filter invalid slots after array trimming. (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master

Patch Set: Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/heap/slot-set.h

diff --git a/src/heap/slot-set.h b/src/heap/slot-set.h

index 9b154e5cbcc3714521dc50458c8c2526e91275f0..48cd4534a366c722c9d18ebdb04f261ca422988b 100644

--- a/src/heap/slot-set.h

+++ b/src/heap/slot-set.h

@@ -74,28 +74,38 @@ class SlotSet : public Malloced {

MaskCell(start_bucket, start_cell, start_mask | end_mask);

return;

}

- MaskCell(start_bucket, start_cell, start_mask);

- start_cell++;

- if (bucket[start_bucket] != nullptr && start_bucket < end_bucket) {

- while (start_cell < kCellsPerBucket) {

- bucket[start_bucket][start_cell] = 0;

- start_cell++;

+ uint32_t current_bucket = start_bucket;

ulan 2016/02/16 19:42:25 Rewrote these parts to make invariants more obviou

+ uint32_t current_cell = start_cell;

+ MaskCell(current_bucket, current_cell, start_mask);

+ current_cell++;

+ if (bucket[current_bucket] != nullptr && current_bucket < end_bucket) {

+ while (current_cell < kCellsPerBucket) {

+ bucket[current_bucket][current_cell] = 0;

+ current_cell++;

}

+ // The current bucket is cleared. Move on to the next bucket.

+ current_bucket++;

+ current_cell = 0;

ulan 2016/02/16 19:42:25 This was the bug in this function.

}

- while (start_bucket < end_bucket) {

- delete[] bucket[start_bucket];

- bucket[start_bucket] = nullptr;

- start_bucket++;

+ DCHECK(current_bucket == end_bucket ||

+ (current_bucket < end_bucket && current_cell == 0));

+ while (current_bucket < end_bucket) {

+ delete[] bucket[current_bucket];

+ bucket[current_bucket] = nullptr;

+ current_bucket++;

}

- if (start_bucket < kBuckets && bucket[start_bucket] != nullptr) {

- while (start_cell < end_cell) {

- bucket[start_bucket][start_cell] = 0;

- start_cell++;

- }

+ // All buckets between start_bucket and end_bucket are cleared.

+ DCHECK(current_bucket == end_bucket && current_cell <= end_cell);

+ if (current_bucket == kBuckets || bucket[current_bucket] == nullptr) {

+ return;

}

- if (end_bucket < kBuckets) {

- MaskCell(end_bucket, end_cell, end_mask);

+ while (current_cell < end_cell) {

+ bucket[current_bucket][current_cell] = 0;

+ current_cell++;

}

+ // All cells between start_cell and end_cell are cleared.

+ DCHECK(current_bucket == end_bucket && current_cell == end_cell);

+ MaskCell(end_bucket, end_cell, end_mask);

}

// The slot offset specifies a slot at address page_start_ + slot_offset.

« no previous file with comments | « src/heap/remembered-set.h ('k') | test/cctest/heap/heap-tester.h » ('j') | test/cctest/heap/test-heap.cc » ('J')