
Side by Side Diff: src/heap/heap.cc

Issue 695213004: Handle store buffer slot overwrite during object promotion. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Created 6 years, 1 month ago
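--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/base/bits.h"
 #include "src/base/once.h"
@@ -2031,21 +2031,31 @@
 
     HeapObject* target = NULL;  // Initialization to please compiler.
     if (allocation.To(&target)) {
       if (alignment != kObjectAlignment) {
         target = EnsureDoubleAligned(heap, target, allocation_size);
       }
 
       // Order is important: slot might be inside of the target if target
       // was allocated over a dead object and slot comes from the store
       // buffer.
-      *slot = target;
+
+      // Unfortunately, the allocation can also write over the slot if the slot
+      // was in free space and the allocation wrote free list data (such as the
+      // free list map or entry size) over the slot. We guard against this by
+      // checking that the slot still points to the object being moved. This
+      // should be sufficient because neither the free list map nor the free
+      // list entry size should look like a new space pointer (the former is an
+      // old space pointer, the latter is word-aligned).
+      if (*slot == object) {
+        *slot = target;
+      }
       MigrateObject(heap, object, target, object_size);
 
       if (object_contents == POINTER_OBJECT) {
         if (map->instance_type() == JS_FUNCTION_TYPE) {
           heap->promotion_queue()->insert(target,
                                           JSFunction::kNonWeakFieldsEndOffset);
         } else {
           heap->promotion_queue()->insert(target, object_size);
         }
       }
@@ -6252,10 +6262,10 @@
       static_cast<int>(object_sizes_last_time_[index]));
   CODE_AGE_LIST_COMPLETE(ADJUST_LAST_TIME_OBJECT_COUNT)
 #undef ADJUST_LAST_TIME_OBJECT_COUNT
 
   MemCopy(object_counts_last_time_, object_counts_, sizeof(object_counts_));
   MemCopy(object_sizes_last_time_, object_sizes_, sizeof(object_sizes_));
   ClearObjectStats();
 }
 }
 }  // namespace v8::internal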
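Review bot: The new `if (*slot == object)` guard in the second hunk rests on an argument that lives only in the comment — that a clobbered slot can never hold a value that looks like a new-space pointer — and nothing verifies it; if that ever stops holding, the slot is silently left pointing at from-space after the scavenge, which is a dangling reference the collector would later follow. A debug-only check makes the assumption fail loudly instead: `DCHECK(*slot == object || !heap->InNewSpace(*slot));` placed just before the guard, assuming the slot-value overload of `InNewSpace` is appropriate here (to be confirmed). It would also help readers to say in the comment what is deliberately *not* done when the guard fails, e.g. `// If the slot no longer points at |object| it was overwritten by free list data; it is not a live reference, so leaving it untouched is correct.` The enclosing promotion function starts and ends outside the hunk.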