[heap] Clear recorded slots for trimmed strings and preparse data

Currently string and preparse data trimming code creates filler object without clearing the slots in the trimmed area. This currently works because the slots are overwritten by filler/free space map. This CL explicitly clears the slots and makes the code more robust. Bug: v8:9454 Change-Id: I20ad8a210eb17932e46be5df4b42389955b5e5eb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778023 Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#63481}
2019-08-30 12:47:33 +02:00 · 2019-08-30 12:47:33 +02:00 · 1884223839
commit 1884223839
parent baed90dcbd
2 changed files with 10 additions and 4 deletions
--- a/src/objects/shared-function-info-inl.h
+++ b/src/objects/shared-function-info-inl.h
@ -627,7 +627,7 @@ void SharedFunctionInfo::ClearPreparseData() {
      data.address() + UncompiledDataWithoutPreparseData::kSize,
      UncompiledDataWithPreparseData::kSize -
          UncompiledDataWithoutPreparseData::kSize,
-      ClearRecordedSlots::kNo);
+      ClearRecordedSlots::kYes);

  // Ensure that the clear was successful.
  DCHECK(HasUncompiledDataWithoutPreparseData());
--- a/src/objects/string.cc
+++ b/src/objects/string.cc
@ -110,6 +110,8 @@ void String::MakeThin(Isolate* isolate, String internalized) {
    }
  }

+  bool has_pointers = StringShape(*this).IsIndirect();
+
  int old_size = this->Size();
  isolate->heap()->NotifyObjectLayoutChange(*this, old_size, no_gc);
  bool one_byte = internalized.IsOneByteRepresentation();
@ -123,7 +125,9 @@ void String::MakeThin(Isolate* isolate, String internalized) {
  int size_delta = old_size - ThinString::kSize;
  if (size_delta != 0) {
    Heap* heap = isolate->heap();
-    heap->CreateFillerObjectAt(thin_end, size_delta, ClearRecordedSlots::kNo);
+    heap->CreateFillerObjectAt(
+        thin_end, size_delta,
+        has_pointers ? ClearRecordedSlots::kYes : ClearRecordedSlots::kNo);
  }
 }

@ -178,7 +182,8 @@ bool String::MakeExternal(v8::String::ExternalStringResource* resource) {
  // Byte size of the external String object.
  int new_size = this->SizeFromMap(new_map);
  isolate->heap()->CreateFillerObjectAt(
-      this->address() + new_size, size - new_size, ClearRecordedSlots::kNo);
+      this->address() + new_size, size - new_size,
+      has_pointers ? ClearRecordedSlots::kYes : ClearRecordedSlots::kNo);
  if (has_pointers) {
    isolate->heap()->ClearRecordedSlotRange(this->address(),
                                            this->address() + new_size);
@ -250,7 +255,8 @@ bool String::MakeExternal(v8::String::ExternalOneByteStringResource* resource) {
  // Byte size of the external String object.
  int new_size = this->SizeFromMap(new_map);
  isolate->heap()->CreateFillerObjectAt(
-      this->address() + new_size, size - new_size, ClearRecordedSlots::kNo);
+      this->address() + new_size, size - new_size,
+      has_pointers ? ClearRecordedSlots::kYes : ClearRecordedSlots::kNo);
  if (has_pointers) {
    isolate->heap()->ClearRecordedSlotRange(this->address(),
                                            this->address() + new_size);