On store buffer overflow we mark individidual pages for...

src/spaces.h

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 285 matching lines @@
   }
 };
 
 
 // MemoryChunk represents a memory region owned by a specific space.
 // It is divided into the header and the body. Chunk start is always
 // 1MB aligned. Start of the body is aligned so it can accomodate
 // any heap object.
 class MemoryChunk {
  public:
+  // Only works if the pointer is in the first kPageSize of the MemoryChunk.
   static MemoryChunk* FromAddress(Address a) {
     return reinterpret_cast<MemoryChunk*>(OffsetFrom(a) & ~kAlignmentMask);
   }
 
+  // Only works for addresses in pointer spaces, not data or code spaces.
+  static inline MemoryChunk* FromAnyPointerAddress(Address addr);
+
   Address address() { return reinterpret_cast<Address>(this); }
 
   bool is_valid() { return address() != NULL; }
 
   MemoryChunk* next_chunk() const { return next_chunk_; }
   MemoryChunk* prev_chunk() const { return prev_chunk_; }
 
   void set_next_chunk(MemoryChunk* next) { next_chunk_ = next; }
   void set_prev_chunk(MemoryChunk* prev) { prev_chunk_ = prev; }
 
-  Space* owner() const { return owner_; }
+  Space* owner() const {
+    if ((reinterpret_cast<intptr_t>(owner_) & kFailureTagMask) ==
+        kFailureTag) {
+      return reinterpret_cast<Space*>(owner_ - kFailureTag);
+    } else {
+      return NULL;
+    }
+  }
+
+  void set_owner(Space* space) {
+    owner_ = reinterpret_cast<Address>(space) + kFailureTag;

[Vyacheslav Egorov (Chromium), 2011/03/28 15:13:19]

add assertion that checks that space was properly aligned.

[Erik Corry, 2011/03/28 15:56:07]

Done.

+    ASSERT((reinterpret_cast<intptr_t>(owner_) & kFailureTagMask) ==
+           kFailureTag);
+  }
+
+  bool scan_on_scavenge() { return scan_on_scavenge_; }
+  void set_scan_on_scavenge(bool scan) { scan_on_scavenge_ = scan; }
+
+  int store_buffer_counter() { return store_buffer_counter_; }
+  void set_store_buffer_counter(int counter) {
+    store_buffer_counter_ = counter;
+  }
 
   Address body() { return address() + kObjectStartOffset; }
 
   int body_size() { return size() - kObjectStartOffset; }
 
   bool Contains(Address addr) {
     return addr >= body() && addr < address() + size();
   }
 
   enum MemoryChunkFlags {
@@ skipping 13 matching lines @@
 
   bool IsFlagSet(int flag) {
     return (flags_ & (1 << flag)) != 0;
   }
 
   static const intptr_t kAlignment = (1 << kPageSizeBits);
 
   static const intptr_t kAlignmentMask = kAlignment - 1;
 
   static const size_t kHeaderSize = kPointerSize + kPointerSize + kPointerSize +
-    kPointerSize + kPointerSize + kPointerSize;
+    kPointerSize + kPointerSize + kPointerSize + kPointerSize;
 
   static const size_t kMarksBitmapLength =
     (1 << kPageSizeBits) >> (kPointerSizeLog2);
 
   static const size_t kMarksBitmapSize =
     (1 << kPageSizeBits) >> (kPointerSizeLog2 + kBitsPerByteLog2);
 
   static const int kBodyOffset =
     CODE_POINTER_ALIGN(MAP_POINTER_ALIGN(kHeaderSize + kMarksBitmapSize));
 
@@ skipping 49 matching lines @@
   }
 
   void InsertAfter(MemoryChunk* other);
   void Unlink();
 
  protected:
   MemoryChunk* next_chunk_;
   MemoryChunk* prev_chunk_;
   size_t size_;
   intptr_t flags_;
-  Space* owner_;
+  // The identity of the owning space.  This is tagged as a heap pointer, but

[Vyacheslav Egorov (Chromium), 2011/03/28 15:13:19]

Update comment. Now this is tagged as a failure and failures can reside in
objects.

[Erik Corry, 2011/03/28 15:56:07]

Done.

+  // no heap object can reside at this address, therefore it can be
+  // distinguished from any entry in a fixed array.
+  Address owner_;
+  // This flag indicates that the page is not being tracked by the store buffer.

[Vyacheslav Egorov (Chromium), 2011/03/28 15:13:19]

Why are we using bool instead of built-in flags?

[Erik Corry, 2011/03/28 15:56:07]

Because my next step will be to read it from generated code and for that the
code will be more compact if it is a bool rather than a bit we have to mask.

+  // At any point where we have to iterate over pointers to new space, we must
+  // search this page for pointers to new space.
+  bool scan_on_scavenge_;
+  // Used by the store buffer to keep track of which pages to mark scan-on-
+  // scavenge.
+  int store_buffer_counter_;

[Vyacheslav Egorov (Chromium), 2011/03/28 15:13:19]

You added 2 fields but kHeaderSize was increased only by 1 kPointerSize.

[Erik Corry, 2011/03/28 15:56:07]

There is a static assert that checks that the size is sufficient. Apparently it
was too big before.

 
   static MemoryChunk* Initialize(Address base,
                                  size_t size,
                                  Executability executable,
                                  Space* owner);
 
   friend class MemoryAllocator;
 };
 
 STATIC_CHECK(sizeof(MemoryChunk) <= MemoryChunk::kHeaderSize);
 
 // -----------------------------------------------------------------------------
 // A page is a memory chunk of a size 1MB. Large object pages may be larger.
 //
 // The only way to get a page pointer is by calling factory methods:
 //   Page* p = Page::FromAddress(addr); or
 //   Page* p = Page::FromAllocationTop(top);
 class Page : public MemoryChunk {
  public:
   // Returns the page containing a given address. The address ranges
   // from [page_addr .. page_addr + kPageSize[
-  //
-  // Note that this function only works for addresses in normal paged
-  // spaces and addresses in the first 1Mbyte of large object pages (i.e.,
-  // the start of large objects but not necessarily derived pointers
-  // within them).
+  // This only works if the object is in fact in a page.  See also MemoryChunk::
+  // FromAddress() and FromAnyAddress().
   INLINE(static Page* FromAddress(Address a)) {
     return reinterpret_cast<Page*>(OffsetFrom(a) & ~kPageAlignmentMask);
   }
 
   // Returns the page containing an allocation top. Because an allocation
   // top address can be the upper bound of the page, we need to subtract
   // it with kPointerSize first. The address ranges from
   // [page_addr + kObjectStartOffset .. page_addr + kPageSize].
   INLINE(static Page* FromAllocationTop(Address top)) {
     Page* p = FromAddress(top - kPointerSize);
     ASSERT_PAGE_OFFSET(p->Offset(top));
     return p;
   }
 
   // Returns the next page in the chain of pages owned by a space.
   inline Page* next_page();
   inline Page* prev_page();
   inline void set_next_page(Page* page);
   inline void set_prev_page(Page* page);
 
-  PagedSpace* owner() const { return reinterpret_cast<PagedSpace*>(owner_); }
-
   // Returns the start address of the object area in this page.
   Address ObjectAreaStart() { return address() + kObjectStartOffset; }
 
   // Returns the end address (exclusive) of the object area in this page.
   Address ObjectAreaEnd() { return address() + Page::kPageSize; }
 
   // Checks whether an address is page aligned.
   static bool IsAlignedToPageSize(Address a) {
     return 0 == (OffsetFrom(a) & kPageAlignmentMask);
   }
@@ skipping 612 matching lines @@
   void Zap();
   static intptr_t SumFreeList(FreeListNode* node);
   intptr_t SumFreeLists();
 #endif
 
  private:
   // The size range of blocks, in bytes.
   static const int kMinBlockSize = 3 * kPointerSize;
   static const int kMaxBlockSize = Page::kMaxHeapObjectSize;
 
-  // The identity of the owning space.
   PagedSpace* owner_;
 
   // Total available bytes in all blocks on this free list.
   int available_;
 
   static const int kSmallListMin = 0x20 * kPointerSize;
   static const int kSmallListMax = 0xff * kPointerSize;
   static const int kMediumListMax = 0x7ff * kPointerSize;
   static const int kLargeListMax = 0x3fff * kPointerSize;
   static const int kSmallAllocationMax = kSmallListMin - kPointerSize;
@@ skipping 882 matching lines @@
 
   // implementation of ObjectIterator.
   virtual HeapObject* next_object() { return next(); }
 
  private:
   LargePage* current_;
   HeapObjectCallback size_func_;
 };
 
 
+// Iterates over the chunks (pages and large object pages) that can contain
+// pointers to new space.
+class PointerChunkIterator BASE_EMBEDDED {
+ public:
+  inline PointerChunkIterator();
+
+  // Return NULL when the iterator is done.
+  MemoryChunk* next() {
+    switch (state_) {
+      case kOldPointerState: {
+        if (old_pointer_iterator_.has_next()) {
+          return old_pointer_iterator_.next();
+        }
+        state_ = kMapState;
+        // FALL THROUGH!

[Vyacheslav Egorov (Chromium), 2011/03/28 15:13:19]

this comment does not look like something we usually write.

[Erik Corry, 2011/03/28 15:56:07]

lowercaseified.

+      }
+      case kMapState: {
+        if (map_iterator_.has_next()) {
+          return map_iterator_.next();
+        }
+        state_ = kLargeObjectState;
+        // FALL THROUGH!
+      }
+      case kLargeObjectState: {
+        HeapObject* heap_object;
+        do {
+          heap_object = lo_iterator_.next();
+          if (heap_object == NULL) {
+            state_ = kFinishedState;
+            return NULL;
+          }
+          // Fixed arrays are the only pointer-containing objects in large
+          // object space.
+        } while (!heap_object->IsFixedArray());
+        MemoryChunk* answer = MemoryChunk::FromAddress(heap_object->address());
+        return answer;
+      }
+      case kFinishedState:
+        return NULL;
+      default:
+        break;
+    }
+    UNREACHABLE();
+    return NULL;
+  }
+
+
+ private:
+  enum State {
+    kOldPointerState,
+    kMapState,
+    kLargeObjectState,
+    kFinishedState
+  };
+  State state_;
+  PageIterator old_pointer_iterator_;
+  PageIterator map_iterator_;
+  LargeObjectIterator lo_iterator_;
+};
+
+
 } }  // namespace v8::internal
 
 #endif  // V8_SPACES_H_