From 4f9fc8468d66c51e916fa1b3305f7afb9b237ee3 Mon Sep 17 00:00:00 2001
From: Omer Katz <omerkatz@chromium.org>
Date: Wed, 23 Sep 2020 11:11:07 +0200
Subject: [PATCH] cppgc: Fix overflow in marked bytes deadline

ProcessWorklistsWithDeadline now takes deadlines instead of durations.

Bug: chromium:1131203
Change-Id: Ie346334cfb043567836262614958282de078a1dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424129
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70084}
---
 src/heap/cppgc/marker.cc | 11 +++++------
 src/heap/cppgc/marker.h  |  2 +-
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/heap/cppgc/marker.cc b/src/heap/cppgc/marker.cc
index 0815a644e6..ddc9127d63 100644
--- a/src/heap/cppgc/marker.cc
+++ b/src/heap/cppgc/marker.cc
@@ -248,7 +248,7 @@ void MarkerBase::FinishMarking(MarkingConfig::StackState stack_state) {
   DCHECK(is_marking_started_);
   EnterAtomicPause(stack_state);
   ProcessWorklistsWithDeadline(std::numeric_limits<size_t>::max(),
-                               v8::base::TimeDelta::Max());
+                               v8::base::TimeTicks::Max());
   mutator_marking_state_.Publish();
   LeaveAtomicPause();
   is_marking_started_ = false;
@@ -320,7 +320,9 @@ bool MarkerBase::AdvanceMarkingWithMaxDuration(
 
 bool MarkerBase::AdvanceMarkingWithDeadline(v8::base::TimeDelta max_duration) {
   size_t step_size_in_bytes = GetNextIncrementalStepDuration(schedule_, heap_);
-  bool is_done = ProcessWorklistsWithDeadline(step_size_in_bytes, max_duration);
+  bool is_done = ProcessWorklistsWithDeadline(
+      mutator_marking_state_.marked_bytes() + step_size_in_bytes,
+      v8::base::TimeTicks::Now() + max_duration);
   schedule_.UpdateIncrementalMarkedBytes(mutator_marking_state_.marked_bytes());
   if (!is_done) {
     // If marking is atomic, |is_done| should always be true.
@@ -332,10 +334,7 @@ bool MarkerBase::AdvanceMarkingWithDeadline(v8::base::TimeDelta max_duration) {
 }
 
 bool MarkerBase::ProcessWorklistsWithDeadline(
-    size_t expected_marked_bytes, v8::base::TimeDelta max_duration) {
-  size_t marked_bytes_deadline =
-      mutator_marking_state_.marked_bytes() + expected_marked_bytes;
-  v8::base::TimeTicks time_deadline = v8::base::TimeTicks::Now() + max_duration;
+    size_t marked_bytes_deadline, v8::base::TimeTicks time_deadline) {
   do {
     // Convert |previously_not_fully_constructed_worklist_| to
     // |marking_worklist_|. This merely re-adds items with the proper
diff --git a/src/heap/cppgc/marker.h b/src/heap/cppgc/marker.h
index 6a838844e2..c9a83ef44d 100644
--- a/src/heap/cppgc/marker.h
+++ b/src/heap/cppgc/marker.h
@@ -142,7 +142,7 @@ class V8_EXPORT_PRIVATE MarkerBase {
   bool AdvanceMarkingWithDeadline(
       v8::base::TimeDelta = kMaximumIncrementalStepDuration);
 
-  bool ProcessWorklistsWithDeadline(size_t, v8::base::TimeDelta);
+  bool ProcessWorklistsWithDeadline(size_t, v8::base::TimeTicks);
 
   void VisitRoots(MarkingConfig::StackState);