AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[Heap] Only reset JSFunctions that have been flushed in the old space

Browse Source 
A JSFunction that is in the old space could move during a scavenge
between being marked and the ClearFlushedJSFunctions, therefore only add
candidates that are in the old generation.

BUG=v8:8755,v8:8395

Change-Id: I3850188e8a0f9f39de994e170b4cda4fe6961079
Reviewed-on: https://chromium-review.googlesource.com/c/1448277
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59281}
This commit is contained in:
Ross McIlroy 2019-02-01 10:14:18 +00:00 committed by Commit Bot
parent 0c34e2fe77
commit 9c2dff0a09
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/heap/incremental-marking.cc
View File

@ -670,6 +670,18 @@ void IncrementalMarking::UpdateWeakReferencesAfterScavenge() {
weak_objects_->current_ephemerons.Update(ephemeron_updater);
weak_objects_->next_ephemerons.Update(ephemeron_updater);
weak_objects_->discovered_ephemerons.Update(ephemeron_updater);
weak_objects_->flushed_js_functions.Update(
[](JSFunction slot_in, JSFunction* slot_out) -> bool {
JSFunction forwarded = ForwardingAddress(slot_in);
if (!forwarded.is_null()) {
*slot_out = forwarded;
return true;
}
return false;
});
#ifdef DEBUG
weak_objects_->bytecode_flushing_candidates.Iterate(
[](SharedFunctionInfo candidate) {