Fix filtering of store buffer for large object pages.

Our Heap::FreeQueuedChunks generates fake inner chunks in large object pages queued for freeing, so that StoreBuffer::Filter can recognize them as pages to be freed. This also relies on MemoryChunk::Contains to work properly, which is why the size field needs to be initialized as well. R=vegorov@chromium.org BUG=v8:1817 TEST=mozilla/js1_5/Regress/regress-360969-05 Review URL: http://codereview.chromium.org/8536009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-11 09:45:12 +00:00 · 2011-11-11 09:45:12 +00:00 · 9dcf002f31
commit 9dcf002f31
parent 58870fa9e5
3 changed files with 8 additions and 7 deletions
--- a/src/heap.cc
+++ b/src/heap.cc
@ -6434,8 +6434,8 @@ void Heap::FreeQueuedChunks() {
      // it try to perform a search in the list of pages owned by of the large
      // object space and queued chunks were detached from that list.
      // To work around this we split large chunk into normal kPageSize aligned
-      // pieces and initialize owner field and flags of every piece.
-      // If FromAnyPointerAddress encounteres a slot that belongs to one of
+      // pieces and initialize size, owner and flags field of every piece.
+      // If FromAnyPointerAddress encounters a slot that belongs to one of
      // these smaller pieces it will treat it as a slot on a normal Page.
      MemoryChunk* inner = MemoryChunk::FromAddress(
          chunk->address() + Page::kPageSize);
@ -6443,8 +6443,9 @@ void Heap::FreeQueuedChunks() {
          chunk->address() + chunk->size() - 1);
      while (inner <= inner_last) {
        // Size of a large chunk is always a multiple of
-        // OS::AllocationAlignment() so there is always
+        // MemoryChunk::kAlignment so there is always
        // enough space for a fake MemoryChunk header.
+        inner->set_size(Page::kPageSize);
        inner->set_owner(lo_space());
        inner->SetFlag(MemoryChunk::ABOUT_TO_BE_FREED);
        inner = MemoryChunk::FromAddress(
--- a/src/spaces.h
+++ b/src/spaces.h
@ -504,6 +504,10 @@ class MemoryChunk {

  size_t size() const { return size_; }

+  void set_size(size_t size) {
+    size_ = size;
+  }
+
  Executability executable() {
    return IsFlagSet(IS_EXECUTABLE) ? EXECUTABLE : NOT_EXECUTABLE;
  }
--- a/test/mozilla/mozilla.status
+++ b/test/mozilla/mozilla.status
@ -48,10 +48,6 @@ def FAIL_OK = FAIL, OKAY

 ##################### SKIPPED TESTS #####################

-# Skip one test until we figure out what is causing the regression.
-# http://code.google.com/p/v8/issues/detail?id=1817
-js1_5/Regress/regress-360969-05: SKIP
-
 # This test checks that we behave properly in an out-of-memory
 # situation.  The test fails in V8 with an exception and takes a long
 # time to do so.