Version 4.3.61.9 (cherry-pick)

Merged 189b355 Filter out remembered slots that are at the start of an object. BUG=chromium:473174 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/1098673002 Cr-Commit-Position: refs/branch-heads/4.3@{crosswalk-project#12} Cr-Branched-From: f5c0a23-refs/heads/4.3.61@{#1} Cr-Branched-From: 0a7d4f4-refs/heads/master@{#27508}
Bysmyyr · Apr 17, 2015 · 7c5aaf0 · 7c5aaf0
1 parent 83a30ec
commit 7c5aaf0
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/include/v8-version.h b/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 4
 #define V8_MINOR_VERSION 3
 #define V8_BUILD_NUMBER 61
-#define V8_PATCH_LEVEL 8
+#define V8_PATCH_LEVEL 9
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)

diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
@@ -3133,7 +3133,14 @@ bool MarkCompactCollector::IsSlotInBlackObject(Page* p, Address slot,
   unsigned int cell_base_start_index = Bitmap::IndexToCell(
       Bitmap::CellAlignIndex(p->AddressToMarkbitIndex(cell_base)));
 
-  // First check if the object is in the current cell.
+  // Check if the slot points to the start of an object. This can happen e.g.
+  // when we left trim a fixed array. Such slots are invalid and we can remove
+  // them.
+  if ((cells[start_index] & index_in_cell) != 0) {
+    return false;
+  }
+
+  // Check if the object is in the current cell.
   MarkBit::CellType slot_mask;
   if ((cells[start_index] == 0) ||
       (base::bits::CountTrailingZeros32(cells[start_index]) >
@@ -3155,23 +3162,26 @@ bool MarkCompactCollector::IsSlotInBlackObject(Page* p, Address slot,
     // The object is in a preceding cell. Set the mask to find any object.
     slot_mask = 0xffffffff;
   } else {
+    // The object start is before the the slot index. Hence, in this case the
+    // slot index can not be at the beginning of the cell.
+    CHECK(index_in_cell > 1);
     // We are interested in object mark bits right before the slot.
     slot_mask = index_in_cell - 1;
   }
 
   MarkBit::CellType current_cell = cells[start_index];
-  DCHECK(current_cell != 0);
+  CHECK(current_cell != 0);
 
   // Find the last live object in the cell.
   unsigned int leading_zeros =
       base::bits::CountLeadingZeros32(current_cell & slot_mask);
-  DCHECK(leading_zeros != 32);
+  CHECK(leading_zeros != 32);
   unsigned int offset = Bitmap::kBitIndexMask - leading_zeros;
 
   cell_base += (start_index - cell_base_start_index) * 32 * kPointerSize;
   Address address = cell_base + offset * kPointerSize;
   HeapObject* object = HeapObject::FromAddress(address);
-  DCHECK(object->address() < reinterpret_cast<Address>(slot));
+  CHECK(object->address() < reinterpret_cast<Address>(slot));
   if (object->address() <= slot &&
       (object->address() + object->Size()) > slot) {
     // If the slot is within the last found object in the cell, the slot is