Remove markDead() and isDead()

third_party/WebKit/Source/platform/heap/HeapPage.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 139 matching lines @@
 // - 1 bit used to mark DOM trees for V8.
 // - 14 bit is enough for gcInfoIndex because there are less than 2^14 types
 //   in Blink.
 const size_t headerWrapperMarkBitMask = 1u << 17;
 const size_t headerGCInfoIndexShift = 18;
 const size_t headerGCInfoIndexMask = (static_cast<size_t>((1 << 14) - 1))
                                      << headerGCInfoIndexShift;
 const size_t headerSizeMask = (static_cast<size_t>((1 << 14) - 1)) << 3;
 const size_t headerMarkBitMask = 1;
 const size_t headerFreedBitMask = 2;
-// The dead bit is used for objects that have gone through a GC marking, but did
-// not get swept before a new GC started. In that case we set the dead bit on
-// objects that were not marked in the previous GC to ensure we are not tracing
-// them via a conservatively found pointer. Tracing dead objects could lead to
-// tracing of already finalized objects in another thread's heap which is a
-// use-after-free situation.
+// TODO(haraken): Remove the dead bit. It is used only by a header of
+// a promptly freed header.

[haraken, 2017/02/08 09:18:06]

I'll look into this. I'm not sure how easy it is to remove the bit.

[sof, 2017/02/08 09:24:00]

s/a promptly freed header/promptly freed object/

 const size_t headerDeadBitMask = 4;
 // On free-list entries we reuse the dead bit to distinguish a normal free-list
 // entry from one that has been promptly freed.
 const size_t headerPromptlyFreedBitMask =
     headerFreedBitMask | headerDeadBitMask;
 const size_t largeObjectSizeInHeader = 0;
 const size_t gcInfoIndexForFreeListHeader = 0;
 const size_t nonLargeObjectPageSizeMax = 1 << 17;
 
 static_assert(
@@ skipping 49 matching lines @@
   void setSize(size_t size) {
     ASSERT(size < nonLargeObjectPageSizeMax);
     m_encoded = static_cast<uint32_t>(size) | (m_encoded & ~headerSizeMask);
   }
   bool isWrapperHeaderMarked() const;
   void markWrapperHeader();
   void unmarkWrapperHeader();
   bool isMarked() const;
   void mark();
   void unmark();
-  void markDead();
-  bool isDead() const;
 
   Address payload();
   size_t payloadSize();
   Address payloadEnd();
 
 #if DCHECK_IS_ON()
   bool checkHeader() const;
   // Zap magic number with a new magic number that means there was once an
   // object allocated here, but it was freed because nobody marked it during
   // GC.
@@ skipping 145 matching lines @@
   }
   BasePage* next() const { return m_next; }
 
   // virtual methods are slow. So performance-sensitive methods
   // should be defined as non-virtual methods on NormalPage and LargeObjectPage.
   // The following methods are not performance-sensitive.
   virtual size_t objectPayloadSizeForTesting() = 0;
   virtual bool isEmpty() = 0;
   virtual void removeFromHeap() = 0;
   virtual void sweep() = 0;
-  virtual void makeConsistentForGC() = 0;
   virtual void makeConsistentForMutator() = 0;
   virtual void invalidateObjectStartBitmap() = 0;
 
 #if defined(ADDRESS_SANITIZER)
   virtual void poisonUnmarkedObjects() = 0;
 #endif
   // Check if the given address points to an object in this
   // heap page. If so, find the start of that object and mark it
   // using the given Visitor. Otherwise do nothing. The pointer must
   // be within the same aligned blinkPageSize as the this-pointer.
@@ skipping 72 matching lines @@
   }
   Address payloadEnd() { return payload() + payloadSize(); }
   bool containedInObjectPayload(Address address) {
     return payload() <= address && address < payloadEnd();
   }
 
   size_t objectPayloadSizeForTesting() override;
   bool isEmpty() override;
   void removeFromHeap() override;
   void sweep() override;
-  void makeConsistentForGC() override;
   void makeConsistentForMutator() override;
   void invalidateObjectStartBitmap() override {
     m_objectStartBitMapComputed = false;
   }
 #if defined(ADDRESS_SANITIZER)
   void poisonUnmarkedObjects() override;
 #endif
   void checkAndMarkPointer(Visitor*, Address) override;
 #if DCHECK_IS_ON()
   void checkAndMarkPointer(Visitor*,
@@ skipping 64 matching lines @@
   size_t payloadSize() { return m_payloadSize; }
   Address payloadEnd() { return payload() + payloadSize(); }
   bool containedInObjectPayload(Address address) {
     return payload() <= address && address < payloadEnd();
   }
 
   size_t objectPayloadSizeForTesting() override;
   bool isEmpty() override;
   void removeFromHeap() override;
   void sweep() override;
-  void makeConsistentForGC() override;
   void makeConsistentForMutator() override;
   void invalidateObjectStartBitmap() override {}
 #if defined(ADDRESS_SANITIZER)
   void poisonUnmarkedObjects() override;
 #endif
   void checkAndMarkPointer(Visitor*, Address) override;
 #if DCHECK_IS_ON()
   void checkAndMarkPointer(Visitor*,
                            Address,
                            MarkedPointerCallbackForTesting) override;
@@ skipping 343 matching lines @@
   ASSERT(!isMarked());
   m_encoded = m_encoded | headerMarkBitMask;
 }
 
 NO_SANITIZE_ADDRESS inline void HeapObjectHeader::unmark() {
   ASSERT(checkHeader());
   ASSERT(isMarked());
   m_encoded &= ~headerMarkBitMask;
 }
 
-NO_SANITIZE_ADDRESS inline bool HeapObjectHeader::isDead() const {
-  ASSERT(checkHeader());
-  return m_encoded & headerDeadBitMask;
-}
-
-NO_SANITIZE_ADDRESS inline void HeapObjectHeader::markDead() {
-  // A Dead state should not happen in a per-thread heap world.
-  // TODO(haraken): Remove code to handle the Dead state.
-  CHECK(false);
-  ASSERT(checkHeader());
-  ASSERT(!isMarked());
-  m_encoded |= headerDeadBitMask;
-}
-
 inline Address NormalPageArena::allocateObject(size_t allocationSize,
                                                size_t gcInfoIndex) {
   if (LIKELY(allocationSize <= m_remainingAllocationSize)) {
     Address headerAddress = m_currentAllocationPoint;
     m_currentAllocationPoint += allocationSize;
     m_remainingAllocationSize -= allocationSize;
     ASSERT(gcInfoIndex > 0);
     new (NotNull, headerAddress) HeapObjectHeader(allocationSize, gcInfoIndex);
     Address result = headerAddress + sizeof(HeapObjectHeader);
     ASSERT(!(reinterpret_cast<uintptr_t>(result) & allocationMask));
 
     SET_MEMORY_ACCESSIBLE(result, allocationSize - sizeof(HeapObjectHeader));
     ASSERT(findPageFromAddress(headerAddress + allocationSize - 1));
     return result;
   }
   return outOfLineAllocate(allocationSize, gcInfoIndex);
 }
 
 inline NormalPageArena* NormalPage::arenaForNormalPage() const {
   return static_cast<NormalPageArena*>(arena());
 }
 
 }  // namespace blink
 
 #endif  // HeapPage_h