From 444fdfdef65a2ca30e7d984fdb53ef8b5e0cb705 Mon Sep 17 00:00:00 2001
From: Victor Gomes <victorgomes@chromium.org>
Date: Wed, 30 Jun 2021 15:07:14 +0200
Subject: [PATCH] [heap] Adds UndoLastAllocationAt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the object to be trimmed creates a filler object that is located just
before the current LAB, then we can immediately give back the memory.

Bug: v8:11872, v8:11883
Change-Id: I9ec37443482334003b3752a3f25fc5dcb6a476fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996643
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75475}
---
 src/heap/factory.cc | 10 ++--------
 src/heap/heap.cc    | 13 +++++++++++++
 src/heap/heap.h     |  2 ++
 3 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/heap/factory.cc b/src/heap/factory.cc
index 64652b1158..cf4accbfdf 100644
--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -290,18 +290,12 @@ void Factory::CodeBuilder::FinalizeOnHeapCode(Handle<Code> code) {
   code->CopyRelocInfoToByteArray(code->unchecked_relocation_info(), code_desc_);
   code->RelocateFromDesc(heap, code_desc_);
 
-  int buffer_size = code_desc_.origin->buffer_size();
-  // TODO(v8:11883): add a hook to GC to check if the filler is just before
-  // the current LAB, and if it is, immediately give back the memory.
-  int old_object_size = Code::SizeFor(buffer_size);
+  int old_object_size = Code::SizeFor(code_desc_.origin->buffer_size());
   int new_object_size =
       Code::SizeFor(code_desc_.instruction_size() + code_desc_.metadata_size());
   int size_to_trim = old_object_size - new_object_size;
   DCHECK_GE(size_to_trim, 0);
-  if (size_to_trim > 0) {
-    heap->CreateFillerObjectAt(code->address() + new_object_size, size_to_trim,
-                               ClearRecordedSlots::kNo);
-  }
+  heap->UndoLastAllocationAt(code->address() + new_object_size, size_to_trim);
 }
 
 MaybeHandle<Code> Factory::NewEmptyCode(CodeKind kind, int buffer_size) {
diff --git a/src/heap/heap.cc b/src/heap/heap.cc
index 3252e14c78..39f8755ea2 100644
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -3414,6 +3414,19 @@ void Heap::RightTrimWeakFixedArray(WeakFixedArray object,
                                        elements_to_trim * kTaggedSize);
 }
 
+void Heap::UndoLastAllocationAt(Address addr, int size) {
+  DCHECK_LE(size, 0);
+  if (size == 0) return;
+  if (code_space_->Contains(addr)) {
+    Address* top = code_space_->allocation_top_address();
+    if (addr + size == *top && code_space_->original_top() <= addr) {
+      *top = addr;
+      return;
+    }
+  }
+  CreateFillerObjectAt(addr, size, ClearRecordedSlots::kNo);
+}
+
 template <typename T>
 void Heap::CreateFillerForArray(T object, int elements_to_trim,
                                 int bytes_to_trim) {
diff --git a/src/heap/heap.h b/src/heap/heap.h
index 7a2a5fb315..cedd873795 100644
--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -576,6 +576,8 @@ class Heap {
                                              int elements_to_trim);
   void RightTrimWeakFixedArray(WeakFixedArray obj, int elements_to_trim);
 
+  void UndoLastAllocationAt(Address addr, int size);
+
   // Converts the given boolean condition to JavaScript boolean value.
   inline Oddball ToBoolean(bool condition);