Side by Side Diff: src/heap/heap-inl.h

Issue 2179033005: [heap] Don't consider mementos on pages below age mark (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 4 years, 4 months ago
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef V8_HEAP_HEAP_INL_H_ 5 #ifndef V8_HEAP_HEAP_INL_H_
6 #define V8_HEAP_HEAP_INL_H_ 6 #define V8_HEAP_HEAP_INL_H_
7 7
8 #include <cmath> 8 #include <cmath>
9 9
10 #include "src/base/platform/platform.h" 10 #include "src/base/platform/platform.h"
472 return false; 472 return false;
473 } 473 }
474 474
475 void Heap::CopyBlock(Address dst, Address src, int byte_size) { 475 void Heap::CopyBlock(Address dst, Address src, int byte_size) {
476 CopyWords(reinterpret_cast<Object**>(dst), reinterpret_cast<Object**>(src), 476 CopyWords(reinterpret_cast<Object**>(dst), reinterpret_cast<Object**>(src),
477 static_cast<size_t>(byte_size / kPointerSize)); 477 static_cast<size_t>(byte_size / kPointerSize));
478 } 478 }
479 479
480 template <Heap::FindMementoMode mode> 480 template <Heap::FindMementoMode mode>
481 AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) { 481 AllocationMemento* Heap::FindAllocationMemento(HeapObject* object) {
482 // Check if there is potentially a memento behind the object. If
483 // the last word of the memento is on another page we return
484 // immediately.
485 Address object_address = object->address(); 482 Address object_address = object->address();
486 Address memento_address = object_address + object->Size(); 483 Address memento_address = object_address + object->Size();
487 Address last_memento_word_address = memento_address + kPointerSize; 484 Address last_memento_word_address = memento_address + kPointerSize;
488 if (!Page::OnSamePage(object_address, last_memento_word_address)) { 485 Page* object_page = Page::FromAddress(object_address);
486 // If the memento would be on another page, bail out immediately.
487 if ((object_page != Page::FromAddress(last_memento_word_address))) {
Hannes Payer (out of office) 2016/07/27 08:34:34 Can you leave the original check unchanged?
Michael Lippautz 2016/07/27 11:12:07 Done.
489 return nullptr; 488 return nullptr;
490 } 489 }
491 HeapObject* candidate = HeapObject::FromAddress(memento_address); 490 HeapObject* candidate = HeapObject::FromAddress(memento_address);
492 Map* candidate_map = candidate->map(); 491 Map* candidate_map = candidate->map();
493 // This fast check may peek at an uninitialized word. However, the slow check 492 // This fast check may peek at an uninitialized word. However, the slow check
494 // below (memento_address == top) ensures that this is safe. Mark the word as 493 // below (memento_address == top) ensures that this is safe. Mark the word as
495 // initialized to silence MemorySanitizer warnings. 494 // initialized to silence MemorySanitizer warnings.
496 MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map)); 495 MSAN_MEMORY_IS_INITIALIZED(&candidate_map, sizeof(candidate_map));
497 if (candidate_map != allocation_memento_map()) { 496 if (candidate_map != allocation_memento_map()) {
498 return nullptr; 497 return nullptr;
499 } 498 }
499
500 // If the memento is below the age mark, which can happen when mementos
501 // survived because a page got moved within new space, bail out.
502 if (object_page->IsFlagSet(MemoryChunk::NEW_SPACE_BELOW_AGE_MARK)) {
503 return nullptr;
504 }
505
500 AllocationMemento* memento_candidate = AllocationMemento::cast(candidate); 506 AllocationMemento* memento_candidate = AllocationMemento::cast(candidate);
501 507
502 // Depending on what the memento is used for, we might need to perform 508 // Depending on what the memento is used for, we might need to perform
503 // additional checks. 509 // additional checks.
504 Address top; 510 Address top;
505 switch (mode) { 511 switch (mode) {
506 case Heap::kForGC: 512 case Heap::kForGC:
507 return memento_candidate; 513 return memento_candidate;
508 case Heap::kForRuntime: 514 case Heap::kForRuntime:
509 if (memento_candidate == nullptr) return nullptr; 515 if (memento_candidate == nullptr) return nullptr;
762 768
763 void VerifySmisVisitor::VisitPointers(Object** start, Object** end) { 769 void VerifySmisVisitor::VisitPointers(Object** start, Object** end) {
764 for (Object** current = start; current < end; current++) { 770 for (Object** current = start; current < end; current++) {
765 CHECK((*current)->IsSmi()); 771 CHECK((*current)->IsSmi());
766 } 772 }
767 } 773 }
768 } // namespace internal 774 } // namespace internal
769 } // namespace v8 775 } // namespace v8
770 776
771 #endif // V8_HEAP_HEAP_INL_H_ 777 #endif // V8_HEAP_HEAP_INL_H_
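Review bot: The new NEW_SPACE_BELOW_AGE_MARK bail-out at new lines 500-504 runs only after the candidate map word has already been read and MSAN-unpoisoned at new lines 491-495, so on a page that can never yield a usable memento the speculative read of a possibly uninitialized word still happens; moving the flag test up to just after the `object_page` lookup would skip that read entirely. If the map comparison is expected to reject far more often than the page flag, the current order is defensible, so this is a question about placement rather than a defect. Since the check sits before the `switch (mode)` at new line 511, it applies to both kForGC and kForRuntime, which the comment could state explicitly, and it could point at the regression test added in this change, e.g. `// Stale mementos of this kind are exercised by test/mjsunit/regress/regress-631050.js.` FindAllocationMemento continues past the visible part of this section.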