| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/heap/mark-compact.h" | 5 #include "src/heap/mark-compact.h" |
| 6 | 6 |
| 7 #include "src/base/atomicops.h" | 7 #include "src/base/atomicops.h" |
| 8 #include "src/base/bits.h" | 8 #include "src/base/bits.h" |
| 9 #include "src/base/sys-info.h" | 9 #include "src/base/sys-info.h" |
| 10 #include "src/code-stubs.h" | 10 #include "src/code-stubs.h" |
| (...skipping 3622 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3633 static SlotCallbackResult CheckAndUpdateOldToNewSlot(Heap* heap, | 3633 static SlotCallbackResult CheckAndUpdateOldToNewSlot(Heap* heap, |
| 3634 Address slot_address) { | 3634 Address slot_address) { |
| 3635 Object** slot = reinterpret_cast<Object**>(slot_address); | 3635 Object** slot = reinterpret_cast<Object**>(slot_address); |
| 3636 if (heap->InFromSpace(*slot)) { | 3636 if (heap->InFromSpace(*slot)) { |
| 3637 HeapObject* heap_object = reinterpret_cast<HeapObject*>(*slot); | 3637 HeapObject* heap_object = reinterpret_cast<HeapObject*>(*slot); |
| 3638 DCHECK(heap_object->IsHeapObject()); | 3638 DCHECK(heap_object->IsHeapObject()); |
| 3639 MapWord map_word = heap_object->map_word(); | 3639 MapWord map_word = heap_object->map_word(); |
| 3640 // There could still be stale pointers in large object space, map space, | 3640 // There could still be stale pointers in large object space, map space, |
| 3641 // and old space for pages that have been promoted. | 3641 // and old space for pages that have been promoted. |
| 3642 if (map_word.IsForwardingAddress()) { | 3642 if (map_word.IsForwardingAddress()) { |
| 3643 // A sweeper thread may concurrently write a size value which looks like |
| 3644 // a forwarding pointer. We have to ignore these values. |
| 3645 if (map_word.ToRawValue() < Page::kPageSize) { |
| 3646 return REMOVE_SLOT; |
| 3647 } |
| 3643 // Update the corresponding slot. | 3648 // Update the corresponding slot. |
| 3644 *slot = map_word.ToForwardingAddress(); | 3649 *slot = map_word.ToForwardingAddress(); |
| 3645 } | 3650 } |
| 3646 // If the object was in from space before and is after executing the | 3651 // If the object was in from space before and is after executing the |
| 3647 // callback in to space, the object is still live. | 3652 // callback in to space, the object is still live. |
| 3648 // Unfortunately, we do not know about the slot. It could be in a | 3653 // Unfortunately, we do not know about the slot. It could be in a |
| 3649 // just freed free space object. | 3654 // just freed free space object. |
| 3650 if (heap->InToSpace(*slot)) { | 3655 if (heap->InToSpace(*slot)) { |
| 3651 return KEEP_SLOT; | 3656 return KEEP_SLOT; |
| 3652 } | 3657 } |
| (...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4008 // The target is always in old space, we don't have to record the slot in | 4013 // The target is always in old space, we don't have to record the slot in |
| 4009 // the old-to-new remembered set. | 4014 // the old-to-new remembered set. |
| 4010 DCHECK(!heap()->InNewSpace(target)); | 4015 DCHECK(!heap()->InNewSpace(target)); |
| 4011 RecordRelocSlot(host, &rinfo, target); | 4016 RecordRelocSlot(host, &rinfo, target); |
| 4012 } | 4017 } |
| 4013 } | 4018 } |
| 4014 } | 4019 } |
| 4015 | 4020 |
| 4016 } // namespace internal | 4021 } // namespace internal |
| 4017 } // namespace v8 | 4022 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2416563002:
[heap] Fix forwarding pointer race between sweeper threads and pointer updating threads. (Closed)
