[in-place weak refs] Remove WeakFixedArray::Shrink.

WeakFixedArray::Shrink is fragile when not used properly (it might invalidate GC
bookkeeping, i.e. the recorded locations of weak slots).

BUG=v8:7308

Change-Id: Id84329e2a78907f5f0bfafae32fc2a71b77edbe7
Reviewed-on: https://chromium-review.googlesource.com/1076236
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53410}
This commit is contained in:
Marja Hölttä 2018-05-29 15:06:17 +02:00 committed by Commit Bot
parent 757631830d
commit 57cc9eaeb1
5 changed files with 14 additions and 42 deletions


@ -2875,6 +2875,12 @@ void Heap::RightTrimFixedArray(FixedArrayBase* object, int elements_to_trim) {
void Heap::RightTrimWeakFixedArray(WeakFixedArray* object,
int elements_to_trim) {
// This function is safe to use only 1) during GC and 2) for old space
// WeakFixedArrays: 1) When marking, we record the weak slots, and shrinking
// invalidates them. 2) Scavenger might move new space WeakFixedArrays around,
// making the recorded slots collide with other objects.
DCHECK_EQ(gc_state(), MARK_COMPACT);
DCHECK(InOldSpace(object));
CreateFillerForArray<WeakFixedArray>(object, elements_to_trim,
elements_to_trim * kPointerSize);
}
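Review bot: The new precondition comment numbers both the conditions ("only 1) during GC and 2) for old space") and the reasons ("1) When marking … 2) Scavenger …") with the same labels, which reads as if each reason were paired with one condition, and the constraint is stated only at the definition, not at the declaration in heap.h (outside this commit). Suggest rewording to `// Only safe during mark-compact GC and only for old-space arrays: marking records weak slots, which trimming invalidates, and the scavenger may move new-space WeakFixedArrays so recorded slots would collide with other objects.` and mirroring a one-line version on the declaration. Note that `DCHECK_EQ(gc_state(), MARK_COMPACT)` and `DCHECK(InOldSpace(object))` are debug-only, so a release-build caller that violates the precondition would silently corrupt the recorded weak-slot bookkeeping the comment describes; if that risk is considered real, a `CHECK` on the gc state is cheap on this path. The function is complete within the hunk.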


@ -10157,13 +10157,6 @@ bool FixedArray::IsEqualTo(FixedArray* other) {
}
#endif
void WeakFixedArray::Shrink(int new_length) {
DCHECK(0 <= new_length && new_length <= length());
if (new_length < length()) {
GetHeap()->RightTrimWeakFixedArray(this, length() - new_length);
}
}
// static
void FixedArrayOfWeakCells::Set(Handle<FixedArrayOfWeakCells> array, int index,
Handle<HeapObject> value) {


@ -280,9 +280,6 @@ class WeakFixedArray : public HeapObject {
inline MaybeObject** RawFieldOfElementAt(int index);
// Shrink length and insert filler objects.
void Shrink(int new_length);
DECL_PRINTER(WeakFixedArray)
DECL_VERIFIER(WeakFixedArray)


@ -187,7 +187,6 @@ void TransitionsAccessor::Insert(Handle<Name> name, Handle<Map> target,
}
DCHECK(insertion_index >= 0 && insertion_index <= number_of_transitions);
result->Shrink(TransitionArray::ToKeyIndex(new_nof));
result->SetNumberOfTransitions(new_nof);
}
@ -481,7 +480,6 @@ void TransitionsAccessor::EnsureHasFullTransitionArray() {
if (nof == 1) {
if (encoding() == kUninitialized) {
// If allocation caused GC and cleared the target, trim the new array.
result->Shrink(TransitionArray::ToKeyIndex(0));
result->SetNumberOfTransitions(0);
} else {
// Otherwise populate the new array.
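Review bot: The comment kept at `// If allocation caused GC and cleared the target, trim the new array.` is now stale, because the only statement left under it is `result->SetNumberOfTransitions(0);` and nothing trims any more. Suggest `// If allocation caused GC and cleared the target, leave the new array empty.` The first hunk in this file has the same consequence: after dropping `result->Shrink(...)`, the array keeps its allocated capacity beyond `new_nof`, so the transition count must come only from `number_of_transitions()` and never from the array length; whether any reader still derives it from `length()` cannot be told from these hunks and is worth checking. Both enclosing functions start and end outside their hunks.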


@ -5522,14 +5522,13 @@ TEST(ContinuousLeftTrimFixedArrayInBlackArea) {
heap::GcAndSweep(heap, OLD_SPACE);
}
template <typename T, typename NewFunction, typename TrimFunction>
void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
TrimFunction& trim_func) {
TEST(ContinuousRightTrimFixedArrayInBlackArea) {
if (!FLAG_incremental_marking) return;
FLAG_black_allocation = true;
CcTest::InitializeVM();
v8::HandleScope scope(CcTest::isolate());
Heap* heap = CcTest::heap();
Isolate* isolate = CcTest::i_isolate();
CcTest::CollectAllGarbage();
i::MarkCompactCollector* collector = heap->mark_compact_collector();
@ -5548,10 +5547,11 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
// Ensure that we allocate a new page, set up a bump pointer area, and
// perform the allocation in a black area.
heap::SimulateFullSpace(heap->old_space());
new_func(10, TENURED);
isolate->factory()->NewFixedArray(10, TENURED);
// Allocate the fixed array that will be trimmed later.
Handle<T> array = new_func(100, TENURED);
Handle<FixedArray> array =
CcTest::i_isolate()->factory()->NewFixedArray(100, TENURED);
Address start_address = array->address();
Address end_address = start_address + array->Size();
Page* page = Page::FromAddress(start_address);
@ -5565,7 +5565,8 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
// Trim it once by one word to make checking for white marking color uniform.
Address previous = end_address - kPointerSize;
trim_func(*array, 1);
isolate->heap()->RightTrimFixedArray(*array, 1);
HeapObject* filler = HeapObject::FromAddress(previous);
CHECK(filler->IsFiller());
CHECK(marking_state->IsImpossible(filler));
@ -5574,7 +5575,7 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
for (int i = 1; i <= 3; i++) {
for (int j = 0; j < 10; j++) {
previous -= kPointerSize * i;
trim_func(*array, i);
isolate->heap()->RightTrimFixedArray(*array, i);
HeapObject* filler = HeapObject::FromAddress(previous);
CHECK(filler->IsFiller());
CHECK(marking_state->IsWhite(filler));
@ -5584,29 +5585,6 @@ void ContinuousRightTrimFixedArrayInBlackAreaHelper(NewFunction& new_func,
heap::GcAndSweep(heap, OLD_SPACE);
}
TEST(ContinuousRightTrimFixedArrayInBlackArea) {
auto new_func = [](int size, PretenureFlag tenured) {
return CcTest::i_isolate()->factory()->NewFixedArray(size, tenured);
};
auto trim_func = [](FixedArray* array, int elements_to_trim) {
CcTest::i_isolate()->heap()->RightTrimFixedArray(array, elements_to_trim);
};
ContinuousRightTrimFixedArrayInBlackAreaHelper<FixedArray>(new_func,
trim_func);
}
TEST(ContinuousRightTrimWeakFixedArrayInBlackArea) {
auto new_func = [](int size, PretenureFlag tenured) {
return CcTest::i_isolate()->factory()->NewWeakFixedArray(size, tenured);
};
auto trim_func = [](WeakFixedArray* array, int elements_to_trim) {
CcTest::i_isolate()->heap()->RightTrimWeakFixedArray(array,
elements_to_trim);
};
ContinuousRightTrimFixedArrayInBlackAreaHelper<WeakFixedArray>(new_func,
trim_func);
}
TEST(Regress618958) {
if (!FLAG_incremental_marking) return;
CcTest::InitializeVM();