From 7c5aaf0f05d7aa12a9531c423e2ca2688b3d0b1d Mon Sep 17 00:00:00 2001 From: "ishell@chromium.org" Date: Fri, 17 Apr 2015 12:20:45 +0200 Subject: [PATCH] Version 4.3.61.9 (cherry-pick) Merged 189b355a76ea5a26fba18e712f4849f0435e856b Filter out remembered slots that are at the start of an object. BUG=chromium:473174 LOG=N R=hpayer@chromium.org Review URL: https://codereview.chromium.org/1098673002 Cr-Commit-Position: refs/branch-heads/4.3@{#12} Cr-Branched-From: f5c0a23a505616796a628d64f4ffe377d1fc4bcf-refs/heads/4.3.61@{#1} Cr-Branched-From: 0a7d4f496a554028de0ab5a963c3a004e693b4cb-refs/heads/master@{#27508} --- include/v8-version.h | 2 +- src/heap/mark-compact.cc | 18 ++++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/include/v8-version.h b/include/v8-version.h index ebea533360d..1e0e50c6c87 100644 --- a/include/v8-version.h +++ b/include/v8-version.h @@ -11,7 +11,7 @@ #define V8_MAJOR_VERSION 4 #define V8_MINOR_VERSION 3 #define V8_BUILD_NUMBER 61 -#define V8_PATCH_LEVEL 8 +#define V8_PATCH_LEVEL 9 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc index 2419c619b96..4f7f61e1ee8 100644 --- a/src/heap/mark-compact.cc +++ b/src/heap/mark-compact.cc @@ -3133,7 +3133,14 @@ bool MarkCompactCollector::IsSlotInBlackObject(Page* p, Address slot, unsigned int cell_base_start_index = Bitmap::IndexToCell( Bitmap::CellAlignIndex(p->AddressToMarkbitIndex(cell_base))); - // First check if the object is in the current cell. + // Check if the slot points to the start of an object. This can happen e.g. + // when we left trim a fixed array. Such slots are invalid and we can remove + // them. + if ((cells[start_index] & index_in_cell) != 0) { + return false; + } + + // Check if the object is in the current cell. MarkBit::CellType slot_mask; if ((cells[start_index] == 0) || (base::bits::CountTrailingZeros32(cells[start_index]) 
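Review bot: The new early return `if ((cells[start_index] & index_in_cell) != 0) { return false; }` only filters a slot whose own mark bit is set, i.e. the start of an already-marked object; a stale slot at the start of an unmarked object is not caught here and still falls through to the scan below, so the comment "Such slots are invalid and we can remove them" overstates what this check does. The removal itself is done by the caller of IsSlotInBlackObject, not by this function, which merely answers false; I would say so in the comment, e.g. `// A slot that is itself the start of a marked object is a stale remembered-set entry (e.g. left by left-trimming a fixed array); report it as not-in-black so the caller drops it.` The test also reads as if `index_in_cell` were a one-bit mask rather than an index, which its later use in `slot_mask = index_in_cell - 1` supports but the name does not; a short note on that would help the next reader. IsSlotInBlackObject begins before this hunk and its condition on the last context line continues past it.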
> @@ -3155,23 +3162,26 @@ bool MarkCompactCollector::IsSlotInBlackObject(Page* p, Address slot, // The object is in a preceding cell. Set the mask to find any object. slot_mask = 0xffffffff; } else { + // The object start is before the the slot index. Hence, in this case the + // slot index can not be at the beginning of the cell. + CHECK(index_in_cell > 1); // We are interested in object mark bits right before the slot. slot_mask = index_in_cell - 1; } MarkBit::CellType current_cell = cells[start_index]; - DCHECK(current_cell != 0); + CHECK(current_cell != 0); // Find the last live object in the cell. unsigned int leading_zeros = base::bits::CountLeadingZeros32(current_cell & slot_mask); - DCHECK(leading_zeros != 32); + CHECK(leading_zeros != 32); unsigned int offset = Bitmap::kBitIndexMask - leading_zeros; cell_base += (start_index - cell_base_start_index) * 32 * kPointerSize; Address address = cell_base + offset * kPointerSize; HeapObject* object = HeapObject::FromAddress(address); - DCHECK(object->address() < reinterpret_cast
(slot)); + CHECK(object->address() < reinterpret_cast
(slot)); if (object->address() <= slot && (object->address() + object->Size()) > slot) { // If the slot is within the last found object in the cell, the slot is
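Review bot: Promoting the three DCHECKs to CHECKs (`CHECK(current_cell != 0)`, `CHECK(leading_zeros != 32)`, `CHECK(object->address() < ...)`) makes these invariant violations fail closed in release builds instead of continuing: if `leading_zeros` were 32 the unsigned `offset = Bitmap::kBitIndexMask - leading_zeros` would wrap and `address` would be computed far outside the page, so a hard crash is the safer outcome than that silent miscomputation. These checks now run for every remembered slot the collector visits, which is worth confirming against the GC benchmarks, although each is a single compare. The new `CHECK(index_in_cell > 1)` relies on `index_in_cell` being a single-bit mask (bit 0 would be the value 1), which is consistent with `slot_mask = index_in_cell - 1` on the next lines; the comment above it also has a typo, `the the slot index` → `the slot index`. The `if (object->address() <= slot && ...)` body that acts on these results continues past the end of this hunk.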