Oilpan: Simplify Heap::allocate

Source/platform/heap/Heap.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 822 matching lines @@
     void removePageFromHeap(HeapPage<Header>*);
 
     PLATFORM_EXPORT void promptlyFreeObject(Header*);
 
 private:
     void addPageToHeap(const GCInfo*);
     PLATFORM_EXPORT Address outOfLineAllocate(size_t, const GCInfo*);
     static size_t allocationSizeFromSize(size_t);
     PLATFORM_EXPORT Address allocateLargeObject(size_t, const GCInfo*);
     Address currentAllocationPoint() const { return m_currentAllocationPoint; }
-    size_t remainingAllocationSize() const { return m_remainingAllocationSize; }
+    size_t remainingAllocationSize() const
+    {
+        RELEASE_ASSERT(m_allocationLimit >= m_currentAllocationPoint);
+        return static_cast<size_t>(m_allocationLimit - m_currentAllocationPoint);
+    }
     bool ownsNonEmptyAllocationArea() const { return currentAllocationPoint() && remainingAllocationSize(); }
     void setAllocationPoint(Address point, size_t size)
     {
         ASSERT(!point || heapPageFromAddress(point));
         ASSERT(size <= HeapPage<Header>::payloadSize());
         m_currentAllocationPoint = point;
-        m_remainingAllocationSize = size;
+        m_allocationLimit = point + size;
+        if (m_lastRemainingAllocationSize != remainingAllocationSize())
+            stats().increaseObjectSpace(m_lastRemainingAllocationSize - remainingAllocationSize());
+        m_lastRemainingAllocationSize = remainingAllocationSize();
     }
     void ensureCurrentAllocation(size_t, const GCInfo*);
     bool allocateFromFreeList(size_t);
 
     void freeLargeObject(LargeHeapObject<Header>*, LargeHeapObject<Header>**);
     void allocatePage(const GCInfo*);
 
 #if ENABLE(ASSERT)
     bool pagesToBeSweptContains(Address);
     bool pagesAllocatedDuringSweepingContains(Address);
 #endif
 
     void sweepNormalPages(HeapStats*);
     void sweepLargePages(HeapStats*);
     bool coalesce(size_t);
 
     Address m_currentAllocationPoint;
-    size_t m_remainingAllocationSize;
+    Address m_allocationLimit;
+    size_t m_lastRemainingAllocationSize;
 
     HeapPage<Header>* m_firstPage;
     LargeHeapObject<Header>* m_firstLargeHeapObject;
 
     HeapPage<Header>* m_firstPageAllocatedDuringSweeping;
     HeapPage<Header>* m_lastPageAllocatedDuringSweeping;
 
     // Merge point for parallel sweep.
     HeapPage<Header>* m_mergePoint;
 
@@ skipping 513 matching lines @@
 }
 
 size_t FinalizedHeapObjectHeader::payloadSize()
 {
     return size() - finalizedHeaderSize;
 }
 
 template<typename Header>
 size_t ThreadHeap<Header>::allocationSizeFromSize(size_t size)
 {
+    size_t allocationSize = size + sizeof(Header);

[Erik Corry, 2014/10/13 13:20:32]

You can't move this above the release assert, because this addition could wrap
around, and then the release assert would pass, but the allocation would be
tiny.  This is potentially a huge security issue!

[haraken, 2014/10/14 10:43:07]

Thanks for catching this, done.

+
     // Check the size before computing the actual allocation size. The
     // allocation size calculation can overflow for large sizes and
     // the check therefore has to happen before any calculation on the
     // size.
-    RELEASE_ASSERT(size < maxHeapObjectSize);
+    RELEASE_ASSERT(allocationSize < maxHeapObjectSize);
 
-    // Add space for header.
-    size_t allocationSize = size + sizeof(Header);
     // Align size with allocation granularity.
     allocationSize = (allocationSize + allocationMask) & ~allocationMask;
     return allocationSize;
 }
 
 template<typename Header>
 Address ThreadHeap<Header>::allocate(size_t size, const GCInfo* gcInfo)
 {
     size_t allocationSize = allocationSizeFromSize(size);
-    bool isLargeObject = allocationSize > blinkPageSize / 2;
-    if (isLargeObject)
-        return allocateLargeObject(allocationSize, gcInfo);
-    if (m_remainingAllocationSize < allocationSize)
-        return outOfLineAllocate(size, gcInfo);
-    Address headerAddress = m_currentAllocationPoint;
-    m_currentAllocationPoint += allocationSize;
-    m_remainingAllocationSize -= allocationSize;
-    Header* header = new (NotNull, headerAddress) Header(allocationSize, gcInfo);
-    size_t payloadSize = allocationSize - sizeof(Header);
-    stats().increaseObjectSpace(payloadSize);
-    Address result = headerAddress + sizeof(*header);
-    ASSERT(!(reinterpret_cast<uintptr_t>(result) & allocationMask));
-    // Unpoison the memory used for the object (payload).
-    ASAN_UNPOISON_MEMORY_REGION(result, payloadSize);
+    Address nextAllocationPoint = m_currentAllocationPoint + allocationSize;
+    if (LIKELY(nextAllocationPoint <= m_allocationLimit)) {
+        Address headerAddress = m_currentAllocationPoint;
+        m_currentAllocationPoint = nextAllocationPoint;
+        Header* header = new (NotNull, headerAddress) Header(allocationSize, gcInfo);
+        Address result = headerAddress + sizeof(*header);
+        ASSERT(!(reinterpret_cast<uintptr_t>(result) & allocationMask));
+
+        // Unpoison the memory used for the object (payload).
+        ASAN_UNPOISON_MEMORY_REGION(result, allocationSize - sizeof(Header));
 #if ENABLE(ASSERT) || defined(LEAK_SANITIZER) || defined(ADDRESS_SANITIZER)
-    memset(result, 0, payloadSize);
+        memset(result, 0, allocationSize - sizeof(Header));
 #endif
-    ASSERT(heapPageFromAddress(headerAddress + allocationSize - 1));
-    return result;
+        ASSERT(heapPageFromAddress(headerAddress + allocationSize - 1));
+        return result;
+    }
+    ASSERT(allocationSize > remainingAllocationSize());
+    return outOfLineAllocate(size, gcInfo);
 }
 
 template<typename T, typename HeapTraits>
 Address Heap::allocate(size_t size)
 {
     ThreadState* state = ThreadStateFor<ThreadingTrait<T>::Affinity>::state();
     ASSERT(state->isAllocationAllowed());
     const GCInfo* gcInfo = GCInfoTrait<T>::get();
-    int heapIndex = HeapTraits::index(gcInfo->hasFinalizer());
-    BaseHeap* heap = state->heap(heapIndex);
+    BaseHeap* heap = state->heap(gcInfo->heapIndex());

[Erik Corry, 2014/10/13 13:20:32]

Why is this faster?

The HeapTraits should be known at code generation time, and
gcInfo->hasFinalizer() is just as known as gcInfo->heapIndex().

[haraken, 2014/10/14 10:43:07]

You're right. I confirmed that the assembly is the same. Removed.

     return static_cast<typename HeapTraits::HeapType*>(heap)->allocate(size, gcInfo);
 }
 
 template<typename T>
 Address Heap::allocate(size_t size)
 {
     return allocate<T, HeapTypeTrait<T> >(size);
 }
 
 template<typename T>
@@ skipping 991 matching lines @@
 };
 
 template<typename T>
 struct IfWeakMember<WeakMember<T> > {
     static bool isDead(Visitor* visitor, const WeakMember<T>& t) { return !visitor->isAlive(t.get()); }
 };
 
 }
 
 #endif // Heap_h