[heap] Ensure that the sweeper does not lose unswept pages.

[heap] Ensure that the sweeper does not lose unswept pages.

This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.

The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
   take p->mutex. The try fails. The sweeper drops p and continues
   to the next page.
5. During selection of evacuation candidate in the next GC we hit
   page->SweepingDone() assert.

BUG=chromium:650314
Committed: https://crrev.com/b621987195cdb1b2031809d9f10aff3005190161
Cr-Commit-Position: refs/heads/master@{#40857}

[ulan, 2016-11-09 11:41:35]

Description was changed from

==========
[heap] Ensure that sweeper does not lose unswept pages.

This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.

The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
   take p->mutex. The try fails. The sweeper drops p and continues
   to the next page.
5. During selection of evacuation candidate in the next GC we hit
   page->SweepingDone() assert.

BUG=chromium:650314
==========

to

==========
[heap] Ensure that the sweeper does not lose unswept pages.

This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.

The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
   take p->mutex. The try fails. The sweeper drops p and continues
   to the next page.
5. During selection of evacuation candidate in the next GC we hit
   page->SweepingDone() assert.

BUG=chromium:650314
==========

[ulan, 2016-11-09 11:42:16]

ulan@chromium.org changed reviewers:
+ hpayer@chromium.org, mlippautz@chromium.org

[ulan, 2016-11-09 11:42:17]

ptal

[Michael Lippautz, 2016-11-09 11:44:34]

lgtm

https://codereview.chromium.org/2484153004/diff/1/src/heap/mark-compact.cc
File src/heap/mark-compact.cc (right):

https://codereview.chromium.org/2484153004/diff/1/src/heap/mark-compact.cc#ne...
src/heap/mark-compact.cc:3747: // If this page was already swept in the
meantime, we can return here.
nit: Move comment one line up.

[ulan, 2016-11-09 11:47:54]

https://codereview.chromium.org/2484153004/diff/1/src/heap/mark-compact.cc
File src/heap/mark-compact.cc (right):

https://codereview.chromium.org/2484153004/diff/1/src/heap/mark-compact.cc#ne...
src/heap/mark-compact.cc:3747: // If this page was already swept in the
meantime, we can return here.
On 2016/11/09 11:44:34, Michael Lippautz wrote:
> nit: Move comment one line up.

Done.

[ulan, 2016-11-09 11:47:57]

The CQ bit was checked by ulan@chromium.org

[ulan, 2016-11-09 11:47:58]

The patchset sent to the CQ was uploaded after l-g-t-m from
mlippautz@chromium.org
Link to the patchset: https://codereview.chromium.org/2484153004/#ps20001
(title: "address comment")

[commit-bot: I haz the power, 2016-11-09 11:48:04]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-09 12:14:18]

Description was changed from

==========
[heap] Ensure that the sweeper does not lose unswept pages.

This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.

The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
   take p->mutex. The try fails. The sweeper drops p and continues
   to the next page.
5. During selection of evacuation candidate in the next GC we hit
   page->SweepingDone() assert.

BUG=chromium:650314
==========

to

==========
[heap] Ensure that the sweeper does not lose unswept pages.

This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.

The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
   take p->mutex. The try fails. The sweeper drops p and continues
   to the next page.
5. During selection of evacuation candidate in the next GC we hit
   page->SweepingDone() assert.

BUG=chromium:650314
==========

[commit-bot: I haz the power, 2016-11-09 12:14:19]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-11-17 22:27:19]

Description was changed from

==========
[heap] Ensure that the sweeper does not lose unswept pages.

This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.

The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
   take p->mutex. The try fails. The sweeper drops p and continues
   to the next page.
5. During selection of evacuation candidate in the next GC we hit
   page->SweepingDone() assert.

BUG=chromium:650314
==========

to

==========
[heap] Ensure that the sweeper does not lose unswept pages.

This fixes a race between the sweeper and the array buffer tracker
that causes the sweeper to skip unswept pages.

The scenario:
1. Mark-compact GC adds page p to the sweeping_list_ of the sweeper.
2. GC finishes, the main thread starts executinng JS.
3. The main thread takes p->mutex to unregister an array buffer.
4. A sweeper thread removes p from the sweeping_list_ and tries to
   take p->mutex. The try fails. The sweeper drops p and continues
   to the next page.
5. During selection of evacuation candidate in the next GC we hit
   page->SweepingDone() assert.

BUG=chromium:650314

Committed: https://crrev.com/b621987195cdb1b2031809d9f10aff3005190161
Cr-Commit-Position: refs/heads/master@{#40857}
==========

[commit-bot: I haz the power, 2016-11-17 22:27:20]

Patchset 2 (id:??) landed as
https://crrev.com/b621987195cdb1b2031809d9f10aff3005190161
Cr-Commit-Position: refs/heads/master@{#40857}