Verify that a new heap page isn't also marked as being off heap.

Verify that a new heap page isn't also marked as being off heap.

Attempt to diagnose a rare assert failure, where a conservative
GC stack scan finds a potential pointer in both the heap's
negative heap page cache and in the map of in-use heap pages.

Those two mapping should be mutually exclusive by construction,
and must be -- the negative page cache must not contain false
positives. Hence, add verification when a new page is committed
& used, it does not already have a mapping in that negative cache.

R=haraken
BUG=649485
Review-Url: https://codereview.chromium.org/2715713005
Cr-Commit-Position: refs/heads/master@{#452833}
Committed: https://chromium.googlesource.com/chromium/src/+/7c787e8cafaa3b13951ce38c76e0ebefb31ff454

[sof, 2017-02-24 13:02:30]

The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-02-24 13:02:42]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[sof, 2017-02-24 13:10:27]

sigbjornf@opera.com changed reviewers:
+ oilpan-reviews@chromium.org

[sof, 2017-02-24 13:10:28]

please take a look.

i'm failing to understand how the assert on the associated bug can come about;
this might help shed some light on it.

[haraken, 2017-02-24 13:21:22]

haraken@chromium.org changed reviewers:
+ haraken@chromium.org

[haraken, 2017-02-24 13:21:22]

LGTM

https://codereview.chromium.org/2715713005/diff/1/third_party/WebKit/Source/p...
File third_party/WebKit/Source/platform/heap/PageMemory.h (right):

https://codereview.chromium.org/2715713005/diff/1/third_party/WebKit/Source/p...
third_party/WebKit/Source/platform/heap/PageMemory.h:185:
DCHECK(!ThreadState::current()->isAddressInHeapDoesNotContainCache(

I'm fine with using a CHECK given that commit() won't be frequently called.

[sof, 2017-02-24 13:54:14]

The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run

[commit-bot: I haz the power, 2017-02-24 13:54:22]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[sof, 2017-02-24 13:54:37]

https://codereview.chromium.org/2715713005/diff/1/third_party/WebKit/Source/p...
File third_party/WebKit/Source/platform/heap/PageMemory.h (right):

https://codereview.chromium.org/2715713005/diff/1/third_party/WebKit/Source/p...
third_party/WebKit/Source/platform/heap/PageMemory.h:185:
DCHECK(!ThreadState::current()->isAddressInHeapDoesNotContainCache(
On 2017/02/24 13:21:22, haraken wrote:
> 
> I'm fine with using a CHECK given that commit() won't be frequently called.

good idea, let's do that and try to flush out the problem faster.

[commit-bot: I haz the power, 2017-02-24 15:22:17]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-24 15:22:18]

Dry run: This issue passed the CQ dry run.

[sof, 2017-02-24 15:40:40]

Description was changed from

==========
Verify that a new heap page isn't also marked as being off heap.

Attempt to diagnose a rare assert failure, where a conservative
GC stack scan finds a potential pointer in both the heap's
negative heap page cache and in the map of in-use heap pages.

Those two mapping should be mutually exclusive by construction,
and must be -- the negative page cache must not contain false
positives. Hence, add verification when a new page is committed
& used, it does not already have a mapping in that negative cache.

R=
BUG=649485
==========

to

==========
Verify that a new heap page isn't also marked as being off heap.

Attempt to diagnose a rare assert failure, where a conservative
GC stack scan finds a potential pointer in both the heap's
negative heap page cache and in the map of in-use heap pages.

Those two mapping should be mutually exclusive by construction,
and must be -- the negative page cache must not contain false
positives. Hence, add verification when a new page is committed
& used, it does not already have a mapping in that negative cache.

R=haraken
BUG=649485
==========

[sof, 2017-02-24 15:40:53]

The CQ bit was checked by sigbjornf@opera.com

[sof, 2017-02-24 15:40:54]

The patchset sent to the CQ was uploaded after l-g-t-m from haraken@chromium.org
Link to the patchset: https://codereview.chromium.org/2715713005/#ps20001
(title: "switch to CHECK()")

[commit-bot: I haz the power, 2017-02-24 15:41:06]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-24 15:45:11]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1487950853941400,
"parent_rev": "72d281d8c6fc0e2c94c2545c7d6c7ad7409324e7", "commit_rev":
"7c787e8cafaa3b13951ce38c76e0ebefb31ff454"}

[commit-bot: I haz the power, 2017-02-24 15:45:45]

Description was changed from

==========
Verify that a new heap page isn't also marked as being off heap.

Attempt to diagnose a rare assert failure, where a conservative
GC stack scan finds a potential pointer in both the heap's
negative heap page cache and in the map of in-use heap pages.

Those two mapping should be mutually exclusive by construction,
and must be -- the negative page cache must not contain false
positives. Hence, add verification when a new page is committed
& used, it does not already have a mapping in that negative cache.

R=haraken
BUG=649485
==========

to

==========
Verify that a new heap page isn't also marked as being off heap.

Attempt to diagnose a rare assert failure, where a conservative
GC stack scan finds a potential pointer in both the heap's
negative heap page cache and in the map of in-use heap pages.

Those two mapping should be mutually exclusive by construction,
and must be -- the negative page cache must not contain false
positives. Hence, add verification when a new page is committed
& used, it does not already have a mapping in that negative cache.

R=haraken
BUG=649485

Review-Url: https://codereview.chromium.org/2715713005
Cr-Commit-Position: refs/heads/master@{#452833}
Committed:
https://chromium.googlesource.com/chromium/src/+/7c787e8cafaa3b13951ce38c76e0...
==========

[commit-bot: I haz the power, 2017-02-24 15:45:46]

Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/chromium/src/+/7c787e8cafaa3b13951ce38c76e0...