Chromium Code Reviews

Issue 686783003: Clear old backing store of WeakCollection on updates. (Closed)

Created:
6 years, 1 month ago by ulan
Modified:
6 years, 1 month ago
Reviewers:
Jakob Kummerow
CC:
v8-dev
Project:
v8
Visibility:
Public.

Description

Clear old backing store of WeakCollection on updates. Not clearing can lead to a crash under the following conditions:

1. Backing store of a weak map is allocated in large object space.
2. The backing store is marked incrementally via the weak map.
3. The weak map is updated and gets a new backing store.
4. The store buffer overflows and marks the chunk of the old backing store as "scan on scavenge."
5. Mark-compact collection kills some elements of the weak map. Note that the old backing store survives because it was marked incrementally, but its dead elements are not cleared.
6. Scavenger iterates over the old backing store, tries to move a dead object and crashes.

BUG=v8:3631
LOG=N
TEST=cctest/test-heap/Regress3631
R=jkummerow@chromium.org

Committed: https://code.google.com/p/v8/source/detail?r=25032

Patch Set 1 #

Patch Set 2 : rebase #

Stats (+48 lines, -0 lines)
M src/runtime/runtime-collections.cc 2 chunks +8 lines, -0 lines 0 comments
M test/cctest/test-heap.cc 1 chunk +40 lines, -0 lines 0 comments

Messages

Total messages: 4 (1 generated)
ulan
PTAL
6 years, 1 month ago (2014-10-28 17:15:42 UTC) #2
Jakob Kummerow
LGTM
6 years, 1 month ago (2014-10-29 12:00:44 UTC) #3
ulan
6 years, 1 month ago (2014-10-31 13:11:38 UTC) #4
Message was sent while issue was closed.
Committed patchset #2 (id:20001) manually as 25032 (presubmit successful).
