Do not fire timers for finalizing objects.

Source/platform/heap/Heap.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 383 matching lines @@
     virtual size_t size() = 0;
     virtual bool isLargeObject() { return false; }
 
     Address address() { return reinterpret_cast<Address>(this); }
     PageMemory* storage() const { return m_storage; }
     ThreadHeap* heap() const { return m_heap; }
     bool orphaned() { return !m_heap; }
     bool terminating() { return m_terminating; }
     void setTerminating() { m_terminating = true; }
 
+    // Returns true if this page has been swept by the ongoing lazy sweep.
+    bool hasBeenSwept() const { return m_swept; }
+
+    void markAsSwept()
+    {
+        ASSERT(!m_swept);
+        m_swept = true;
+    }
+
+    void markAsUnswept()
+    {
+        ASSERT(m_swept);
+        m_swept = false;
+    }
+
 private:
     PageMemory* m_storage;
     ThreadHeap* m_heap;
     // Whether the page is part of a terminating thread or not.
     bool m_terminating;
+
+    // Track the sweeping state of a page. Set to true once
+    // the lazy sweep completes has processed it.
+    //
+    // Set to false at the start of a sweep, true  upon completion
+    // of lazy sweeping.
+    bool m_swept;
 };
 
 class HeapPage final : public BaseHeapPage {
 public:
     HeapPage(PageMemory*, ThreadHeap*);
 
     Address payload()
     {
         return address() + sizeof(HeapPage) + headerPadding();
     }
@@ skipping 357 matching lines @@
     void allocatePage();
     Address allocateLargeObject(size_t, size_t gcInfoIndex);
 
     inline Address allocateObject(size_t allocationSize, size_t gcInfoIndex);
 
 #if ENABLE(ASSERT)
     bool pagesToBeSweptContains(Address);
 #endif
 
     bool coalesce();
-    void markUnmarkedObjectsDead();
+    void preparePagesForSweeping();
 
     Address m_currentAllocationPoint;
     size_t m_remainingAllocationSize;
     size_t m_lastRemainingAllocationSize;
 
     HeapPage* m_firstPage;
     LargeObject* m_firstLargeObject;
     HeapPage* m_firstUnsweptPage;
     LargeObject* m_firstUnsweptLargeObject;
 
     ThreadState* m_threadState;
 
     FreeList m_freeList;
 
     // Index into the page pools.  This is used to ensure that the pages of the
     // same type go into the correct page pool and thus avoid type confusion.
     int m_index;
 
     // The size of promptly freed objects in the heap.
     size_t m_promptlyFreedSize;
 };
 
+// Mask an address down to the enclosing oilpan heap base page.  All oilpan heap
+// pages are aligned at blinkPageBase plus an OS page size.
+// FIXME: Remove PLATFORM_EXPORT once we get a proper public interface to our
+// typed heaps.  This is only exported to enable tests in HeapTest.cpp.
+PLATFORM_EXPORT inline BaseHeapPage* pageFromObject(const void* object)
+{
+    Address address = reinterpret_cast<Address>(const_cast<void*>(object));
+    BaseHeapPage* page = reinterpret_cast<BaseHeapPage*>(blinkPageAddress(address) + WTF::kSystemPageSize);
+    ASSERT(page->contains(address));
+    return page;
+}
+
 class PLATFORM_EXPORT Heap {
 public:
     static void init();
     static void shutdown();
     static void doShutdown();
 
 #if ENABLE(ASSERT)
     static BaseHeapPage* findPageFromAddress(Address);
     static BaseHeapPage* findPageFromAddress(void* pointer) { return findPageFromAddress(reinterpret_cast<Address>(pointer)); }
     static bool containedInHeapOrOrphanedPage(void*);
 #endif
 
+    // Is the finalizable GC object still alive? If no GC is in progress,
+    // it must be true. If a lazy sweep is in progress, it will be true if
+    // the object hasn't been swept yet and it is marked, or it has
+    // been swept and it is still alive.
+    //
+    // isFinalizedObjectAlive() must not be used with already-finalized object
+    // references.
+    //

[haraken, 2015/01/19 05:35:49]

A couple of suggestions to clean up the method and the comment:

- Rename isFinalizedObjectAlive to willBeSweptInLazySweeping. Flip true/false of
the return value. ("isFinalizedObjectAlive" is confusing because we're not
allowed to pass an already-finalized object.)

- Update the comment to:

// Returns true if the |objectPointer| is going to be swept in the on-going
// lazy sweeping. If no lazy sweeping is in progress, it returns true.
// If lazy sweeping is in progress, it returns true iff the |objectPointer|
// hasn't yet been swept and it's unmarked. You should not pass an
already-finalized
// object to |objectPointer|.

- Add an ASSERT to verify that |objectPointer| is not an already-finalized
object:

  ASSERT(!objectPointer->isFree());
  objectPointer->checkHeader();

+    template<typename T>
+    static bool isFinalizedObjectAlive(const T* objectPointer)
+    {
+        static_assert(IsGarbageCollectedType<T>::value, "only objects deriving from GarbageCollected can be used.");
+#if ENABLE(OILPAN)
+        BaseHeapPage* page = pageFromObject(objectPointer);
+        if (page->hasBeenSwept())
+            return true;
+        ASSERT(page->heap()->threadState()->isSweepingInProgress());
+
+        return ObjectAliveTrait<T>::isHeapObjectAlive(s_markingVisitor, const_cast<T*>(objectPointer));
+#else
+        // FIXME: remove when lazy sweeping is always on
+        // (cf. ThreadState::postGCProcessing()).
+        return true;
+#endif
+    }
+
     // Push a trace callback on the marking stack.
     static void pushTraceCallback(void* containerObject, TraceCallback);
 
     // Push a trace callback on the post-marking callback stack.  These
     // callbacks are called after normal marking (including ephemeron
     // iteration).
     static void pushPostMarkingCallback(void*, TraceCallback);
 
     // Add a weak pointer callback to the weak callback work list.  General
     // object pointer callbacks are added to a thread local weak callback work
@@ skipping 352 matching lines @@
         void* operator new(size_t, NotNullTag, void*) = delete; \
         void* operator new(size_t, void*) = delete;
 
 #define GC_PLUGIN_IGNORE(bug)                           \
     __attribute__((annotate("blink_gc_plugin_ignore")))
 #else
 #define STACK_ALLOCATED() DISALLOW_ALLOCATION()
 #define GC_PLUGIN_IGNORE(bug)
 #endif
 
-// Mask an address down to the enclosing oilpan heap base page.  All oilpan heap
-// pages are aligned at blinkPageBase plus an OS page size.
-// FIXME: Remove PLATFORM_EXPORT once we get a proper public interface to our
-// typed heaps.  This is only exported to enable tests in HeapTest.cpp.
-PLATFORM_EXPORT inline BaseHeapPage* pageFromObject(const void* object)
-{
-    Address address = reinterpret_cast<Address>(const_cast<void*>(object));
-    BaseHeapPage* page = reinterpret_cast<BaseHeapPage*>(blinkPageAddress(address) + WTF::kSystemPageSize);
-    ASSERT(page->contains(address));
-    return page;
-}
-
 NO_SANITIZE_ADDRESS inline
 size_t HeapObjectHeader::size() const
 {
     size_t result = m_encoded & headerSizeMask;
     // Large objects should not refer to header->size().
     // The actual size of a large object is stored in
     // LargeObject::m_payloadSize.
     ASSERT(result != largeObjectSizeInHeader);
     ASSERT(!pageFromObject(this)->isLargeObject());
     return result;
@@ skipping 1181 matching lines @@
 template<typename T, size_t inlineCapacity>
 struct GCInfoTrait<HeapVector<T, inlineCapacity>> : public GCInfoTrait<Vector<T, inlineCapacity, HeapAllocator>> { };
 template<typename T, size_t inlineCapacity>
 struct GCInfoTrait<HeapDeque<T, inlineCapacity>> : public GCInfoTrait<Deque<T, inlineCapacity, HeapAllocator>> { };
 template<typename T, typename U, typename V>
 struct GCInfoTrait<HeapHashCountedSet<T, U, V>> : public GCInfoTrait<HashCountedSet<T, U, V, HeapAllocator>> { };
 
 } // namespace blink
 
 #endif // Heap_h