From 72702084679564ece8ce20875de5df9329edd604 Mon Sep 17 00:00:00 2001
From: Michael Lippautz
Date: Mon, 27 Nov 2017 08:30:21 +0100
Subject: [PATCH] [heap] Fix race when setting aborted compaction flag
When compaction is aborted we used to remember this in a data structure and in a flag on the page that was set by the compacting thread. Setting the flag races with other threads recording old-to-old slots and thus checking the page's flags. Since we already record the page in a data structure, we can delay setting the flag on the page until post processing aborted compaction pages right after the evacuation phase.
Bug: v8:7125
Change-Id: I20d109f0f69cf8eab90ed355c113abc6a2f606da
Reviewed-on: https://chromium-review.googlesource.com/789931
Reviewed-by: Ulan Degenbaev
Commit-Queue: Michael Lippautz
Cr-Commit-Position: refs/heads/master@{#49625}
---
 src/heap/mark-compact.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index 923e15d911..3b7a2f7fb0 100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -4401,7 +4401,6 @@ void MarkCompactCollector::ReportAbortedEvacuationCandidate(
 HeapObject* failed_object, Page* page) {
 base::LockGuard guard(&mutex_);
- page->SetFlag(Page::COMPACTION_WAS_ABORTED);
 aborted_evacuation_candidates_.push_back(std::make_pair(failed_object, page));
 }
@@ -4409,7 +4408,7 @@ void MarkCompactCollector::PostProcessEvacuationCandidates() {
 for (auto object_and_page : aborted_evacuation_candidates_) {
 HeapObject* failed_object = object_and_page.first;
 Page* page = object_and_page.second;
- DCHECK(page->IsFlagSet(Page::COMPACTION_WAS_ABORTED));
+ page->SetFlag(Page::COMPACTION_WAS_ABORTED);
 // Aborted compaction page. We have to record slots here, since we
 // might not have recorded them in first place.
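Review bot: The new `page->SetFlag(Page::COMPACTION_WAS_ABORTED);` in PostProcessEvacuationCandidates has no comment recording that its position is the fix, so a later cleanup could move it back into ReportAbortedEvacuationCandidate and reintroduce the race. I would add above it `// Set the flag only here, after evacuation: setting it from the compacting thread raced with threads reading page flags while recording old-to-old slots.` The write is still a plain flag update outside `mutex_`, so it is only safe if every evacuation task has finished before this loop runs. That ordering is not visible in the hunk, and the function body continues past it, so the precondition should be stated or asserted at the top of the function. With the flag now unset for the whole evacuation phase, please also confirm that no reader in that phase relied on seeing it, since a slot missed on an aborted page would presumably leave a stale pointer behind.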