[heap] Fix race when setting aborted compaction flag

When compaction is aborted we used to remember this in a data structure and in a flag on the page that was set by the compacting thread. Setting the flag races with other threads recording old-to-old slots and thus checking the page's flags. Since we already record the page in a data structure, we can delay setting the flag on the page until post processing aborted compaction pages right after the evacuation phase. Bug: v8:7125 Change-Id: I20d109f0f69cf8eab90ed355c113abc6a2f606da Reviewed-on: https://chromium-review.googlesource.com/789931 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#49625}
2017-11-27 08:30:21 +01:00 · 2017-11-27 08:30:21 +01:00 · 7270208467
commit 7270208467
parent 2457b385dc
1 changed files with 1 additions and 2 deletions
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@ -4401,7 +4401,6 @@ void MarkCompactCollector::ReportAbortedEvacuationCandidate(
    HeapObject* failed_object, Page* page) {
  base::LockGuard<base::Mutex> guard(&mutex_);

-  page->SetFlag(Page::COMPACTION_WAS_ABORTED);
  aborted_evacuation_candidates_.push_back(std::make_pair(failed_object, page));
 }

@ -4409,7 +4408,7 @@ void MarkCompactCollector::PostProcessEvacuationCandidates() {
  for (auto object_and_page : aborted_evacuation_candidates_) {
    HeapObject* failed_object = object_and_page.first;
    Page* page = object_and_page.second;
-    DCHECK(page->IsFlagSet(Page::COMPACTION_WAS_ABORTED));
+    page->SetFlag(Page::COMPACTION_WAS_ABORTED);
    // Aborted compaction page. We have to record slots here, since we
    // might not have recorded them in first place.