[in-place weak refs] Remove WeakFixedArray::Shrink.

WeakFixedArray::Shrink is fragile when not used properly (it might invalidate GC
bookkeeping, i.e. the recorded locations of weak slots).

BUG=v8:7308

Change-Id: Id84329e2a78907f5f0bfafae32fc2a71b77edbe7
Reviewed-on: https://chromium-review.googlesource.com/1076236
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53410}
Marja Hölttä 2018-05-29 15:06:17 +02:00 committed by Commit Bot
parent 757631830d
commit 57cc9eaeb1
5 changed files with 14 additions and 42 deletions


@ -2875,6 +2875,12 @@ void Heap::RightTrimFixedArray(FixedArrayBase* object, int elements_to_trim) {
void Heap::RightTrimWeakFixedArray(WeakFixedArray* object, void Heap::RightTrimWeakFixedArray(WeakFixedArray* object,
int elements_to_trim) { int elements_to_trim) {
// This function is safe to use only 1) during GC and 2) for old space
// WeakFixedArrays: 1) When marking, we record the weak slots, and shrinking
// invalidates them. 2) Scavenger might move new space WeakFixedArrays around,
// making the recorded slots collide with other objects.
DCHECK_EQ(gc_state(), MARK_COMPACT);
DCHECK(InOldSpace(object));
CreateFillerForArray<WeakFixedArray>(object, elements_to_trim, CreateFillerForArray<WeakFixedArray>(object, elements_to_trim,
elements_to_trim * kPointerSize); elements_to_trim * kPointerSize);
} }
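Review bot: The two preconditions added to Heap::RightTrimWeakFixedArray are enforced only by `DCHECK_EQ(gc_state(), MARK_COMPACT)` and `DCHECK(InOldSpace(object))`, which are debug-only checks. In a release build, a later caller that trims outside mark-compact or on a new-space array would silently invalidate the recorded weak slots that the new comment describes. That failure mode is heap corruption rather than a clean crash, so consider `CHECK_EQ(gc_state(), MARK_COMPACT);` and `CHECK(InOldSpace(object));` if the cost on this GC-only path is acceptable. The contract is also worth repeating on the declaration, which is not visible on this page, for example `// Only safe during mark-compact GC and for old-space WeakFixedArrays.`, because callers read the header rather than this definition.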


@ -10157,13 +10157,6 @@ bool FixedArray::IsEqualTo(FixedArray* other) {
} }
#endif #endif
void WeakFixedArray::Shrink(int new_length) {
DCHECK(0 <= new_length && new_length <= length());
if (new_length < length()) {
GetHeap()->RightTrimWeakFixedArray(this, length() - new_length);
}
}
// static // static
void FixedArrayOfWeakCells::Set(Handle<FixedArrayOfWeakCells> array, int index, void FixedArrayOfWeakCells::Set(Handle<FixedArrayOfWeakCells> array, int index,
Handle<HeapObject> value) { Handle<HeapObject> value) {


@ -280,9 +280,6 @@ class WeakFixedArray : public HeapObject {
inline MaybeObject** RawFieldOfElementAt(int index); inline MaybeObject** RawFieldOfElementAt(int index);
// Shrink length and insert filler objects.
void Shrink(int new_length);
DECL_PRINTER(WeakFixedArray) DECL_PRINTER(WeakFixedArray)
DECL_VERIFIER(WeakFixedArray) DECL_VERIFIER(WeakFixedArray)


@ -187,7 +187,6 @@ void TransitionsAccessor::Insert(Handle<Name> name, Handle<Map> target,
} }
DCHECK(insertion_index >= 0 && insertion_index <= number_of_transitions); DCHECK(insertion_index >= 0 && insertion_index <= number_of_transitions);
result->Shrink(TransitionArray::ToKeyIndex(new_nof));
result->SetNumberOfTransitions(new_nof); result->SetNumberOfTransitions(new_nof);
} }
@ -481,7 +480,6 @@ void TransitionsAccessor::EnsureHasFullTransitionArray() {
if (nof == 1) { if (nof == 1) {
if (encoding() == kUninitialized) { if (encoding() == kUninitialized) {
// If allocation caused GC and cleared the target, trim the new array. // If allocation caused GC and cleared the target, trim the new array.
result->Shrink(TransitionArray::ToKeyIndex(0));
result->SetNumberOfTransitions(0); result->SetNumberOfTransitions(0);
} else { } else {
// Otherwise populate the new array. // Otherwise populate the new array.


@ -5522,14 +5522,13 @@ TEST(ContinuousLeftTrimFixedArrayInBlackArea) {
heap::GcAndSweep(heap, OLD_SPACE); heap::GcAndSweep(heap, OLD_SPACE);
} }
template <typename T, typename NewFunction, typename TrimFunction> TEST(ContinuousRightTrimFixedArrayInBlackArea) {
void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
TrimFunction& trim_func) {
if (!FLAG_incremental_marking) return; if (!FLAG_incremental_marking) return;
FLAG_black_allocation = true; FLAG_black_allocation = true;
CcTest::InitializeVM(); CcTest::InitializeVM();
v8::HandleScope scope(CcTest::isolate()); v8::HandleScope scope(CcTest::isolate());
Heap* heap = CcTest::heap(); Heap* heap = CcTest::heap();
Isolate* isolate = CcTest::i_isolate();
CcTest::CollectAllGarbage(); CcTest::CollectAllGarbage();
i::MarkCompactCollector* collector = heap->mark_compact_collector(); i::MarkCompactCollector* collector = heap->mark_compact_collector();
@ -5548,10 +5547,11 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
// Ensure that we allocate a new page, set up a bump pointer area, and // Ensure that we allocate a new page, set up a bump pointer area, and
// perform the allocation in a black area. // perform the allocation in a black area.
heap::SimulateFullSpace(heap->old_space()); heap::SimulateFullSpace(heap->old_space());
new_func(10, TENURED); isolate->factory()->NewFixedArray(10, TENURED);
// Allocate the fixed array that will be trimmed later. // Allocate the fixed array that will be trimmed later.
Handle<T> array = new_func(100, TENURED); Handle<FixedArray> array =
CcTest::i_isolate()->factory()->NewFixedArray(100, TENURED);
Address start_address = array->address(); Address start_address = array->address();
Address end_address = start_address + array->Size(); Address end_address = start_address + array->Size();
Page* page = Page::FromAddress(start_address); Page* page = Page::FromAddress(start_address);
@ -5565,7 +5565,8 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
// Trim it once by one word to make checking for white marking color uniform. // Trim it once by one word to make checking for white marking color uniform.
Address previous = end_address - kPointerSize; Address previous = end_address - kPointerSize;
trim_func(*array, 1); isolate->heap()->RightTrimFixedArray(*array, 1);
HeapObject* filler = HeapObject::FromAddress(previous); HeapObject* filler = HeapObject::FromAddress(previous);
CHECK(filler->IsFiller()); CHECK(filler->IsFiller());
CHECK(marking_state->IsImpossible(filler)); CHECK(marking_state->IsImpossible(filler));
@ -5574,7 +5575,7 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
for (int i = 1; i <= 3; i++) { for (int i = 1; i <= 3; i++) {
for (int j = 0; j < 10; j++) { for (int j = 0; j < 10; j++) {
previous -= kPointerSize * i; previous -= kPointerSize * i;
trim_func(*array, i); isolate->heap()->RightTrimFixedArray(*array, i);
HeapObject* filler = HeapObject::FromAddress(previous); HeapObject* filler = HeapObject::FromAddress(previous);
CHECK(filler->IsFiller()); CHECK(filler->IsFiller());
CHECK(marking_state->IsWhite(filler)); CHECK(marking_state->IsWhite(filler));
@ -5584,29 +5585,6 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
heap::GcAndSweep(heap, OLD_SPACE); heap::GcAndSweep(heap, OLD_SPACE);
} }
TEST(ContinuousRightTrimFixedArrayInBlackArea) {
auto new_func = [](int size, PretenureFlag tenured) {
return CcTest::i_isolate()->factory()->NewFixedArray(size, tenured);
};
auto trim_func = [](FixedArray* array, int elements_to_trim) {
CcTest::i_isolate()->heap()->RightTrimFixedArray(array, elements_to_trim);
};
ContinuousRightTrimFixedArrayInBlackAreaHelper<FixedArray>(new_func,
trim_func);
}
TEST(ContinuousRightTrimWeakFixedArrayInBlackArea) {
auto new_func = [](int size, PretenureFlag tenured) {
return CcTest::i_isolate()->factory()->NewWeakFixedArray(size, tenured);
};
auto trim_func = [](WeakFixedArray* array, int elements_to_trim) {
CcTest::i_isolate()->heap()->RightTrimWeakFixedArray(array,
elements_to_trim);
};
ContinuousRightTrimFixedArrayInBlackAreaHelper<WeakFixedArray>(new_func,
trim_func);
}
TEST(Regress618958) { TEST(Regress618958) {
if (!FLAG_incremental_marking) return; if (!FLAG_incremental_marking) return;
CcTest::InitializeVM(); CcTest::InitializeVM();
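Review bot: Deleting TEST(ContinuousRightTrimWeakFixedArrayInBlackArea) leaves Heap::RightTrimWeakFixedArray without any test visible on this page, although this commit keeps the function and gives it new GC-state and old-space preconditions. The removed test appears to have called it outside a mark-compact pause, so it could not stay as written. A replacement that exercises the trim from within mark-compact would keep the path covered, or at least a comment at the removed spot such as `// RightTrimWeakFixedArray is only valid during mark-compact; covered by <test name>.`. Minor style point: the rewritten body uses `isolate->factory()->NewFixedArray(10, TENURED)` and then `CcTest::i_isolate()->factory()->NewFixedArray(100, TENURED)` two lines later, and the new `isolate` local should serve both. The test body spans several hunks and is only partly visible here.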