[heap] Filter slots in map space

[heap] Filter slots in map space

We mark an object allocated as uninitialized. If we happen to have a GC before
fields of a map are written, msan will observe access to unitialized memory and
crash.

This also unifies the handling as we now deal with all spaces in the same way.
In future we could parallelize clearing.

BUG=chromium:638226
R=hpayer@chromium.org

Committed: https://crrev.com/23f61424e321c5895af568f13781a8d1669e8ada
Cr-Commit-Position: refs/heads/master@{#38681}

[Michael Lippautz, 2016-08-17 11:35:30]

The CQ bit was checked by mlippautz@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-17 11:35:43]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Hannes Payer (out of office), 2016-08-17 11:51:25]

https://codereview.chromium.org/2251993002/diff/1/src/heap/remembered-set.cc
File src/heap/remembered-set.cc (right):

https://codereview.chromium.org/2251993002/diff/1/src/heap/remembered-set.cc#...
src/heap/remembered-set.cc:47: return IsValidSlot(heap, chunk, slot) ? KEEP_SLOT
: REMOVE_SLOT;
For map spaces all allocations should be map aligned. With that we could easily
calculate the start of the object cheaply. Can we add a TODO that says that and
can we fix that in a follow-up CL?

[Hannes Payer (out of office), 2016-08-17 11:51:31]

lgtm

[commit-bot: I haz the power, 2016-08-17 11:57:10]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-17 11:57:11]

Dry run: This issue passed the CQ dry run.

[Michael Lippautz, 2016-08-17 12:16:17]

https://codereview.chromium.org/2251993002/diff/1/src/heap/remembered-set.cc
File src/heap/remembered-set.cc (right):

https://codereview.chromium.org/2251993002/diff/1/src/heap/remembered-set.cc#...
src/heap/remembered-set.cc:47: return IsValidSlot(heap, chunk, slot) ? KEEP_SLOT
: REMOVE_SLOT;
On 2016/08/17 11:51:25, Hannes Payer wrote:
> For map spaces all allocations should be map aligned. With that we could
easily
> calculate the start of the object cheaply. Can we add a TODO that says that
and
> can we fix that in a follow-up CL?

Done.

[Michael Lippautz, 2016-08-17 12:16:19]

The CQ bit was checked by mlippautz@chromium.org

[Michael Lippautz, 2016-08-17 12:16:20]

The patchset sent to the CQ was uploaded after l-g-t-m from hpayer@chromium.org
Link to the patchset: https://codereview.chromium.org/2251993002/#ps20001
(title: "Added TODO")

[commit-bot: I haz the power, 2016-08-17 12:16:25]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-17 12:50:03]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-08-17 12:50:20]

Description was changed from

==========
[heap] Filter slots in map space

We mark an object allocated as uninitialized. If we happen to have a GC before
fields of a map are written, msan will observe access to unitialized memory and
crash.

This also unifies the handling as we now deal with all spaces in the same way.
In future we could parallelize clearing.

BUG=chromium:638226
R=hpayer@chromium.org
==========

to

==========
[heap] Filter slots in map space

We mark an object allocated as uninitialized. If we happen to have a GC before
fields of a map are written, msan will observe access to unitialized memory and
crash.

This also unifies the handling as we now deal with all spaces in the same way.
In future we could parallelize clearing.

BUG=chromium:638226
R=hpayer@chromium.org

Committed: https://crrev.com/23f61424e321c5895af568f13781a8d1669e8ada
Cr-Commit-Position: refs/heads/master@{#38681}
==========

[commit-bot: I haz the power, 2016-08-17 12:50:21]

Patchset 2 (id:??) landed as
https://crrev.com/23f61424e321c5895af568f13781a8d1669e8ada
Cr-Commit-Position: refs/heads/master@{#38681}