From: mstarzinger@chromium.org Date: Mon, 11 Feb 2013 15:11:00 +0000 (+0000) Subject: Fix code flusher disabling while marking incrementally. X-Git-Tag: upstream/4.7.83~15108 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9bb68394a0095fd211e462d3b9e47f1a48858550;p=platform%2Fupstream%2Fv8.git Fix code flusher disabling while marking incrementally. This fixes a corner case where the code flusher is disabled while the incremental marker is still running. This can happen when the debugger is loaded and a scavenge is triggered. Make sure that all flushing decisions are revisited after the candidate lists are evicted. R=hpayer@chromium.org BUG=chromium:173458,chromium:168582 TEST=cctest/test-heap/Regress173458 Review URL: https://codereview.chromium.org/12217108 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- diff --git a/src/mark-compact.cc b/src/mark-compact.cc index 5dcc7af63..f08dfd88e 100644 --- a/src/mark-compact.cc +++ b/src/mark-compact.cc @@ -1104,17 +1104,14 @@ void CodeFlusher::EvictCandidate(JSFunction* function) { void CodeFlusher::EvictJSFunctionCandidates() { - Object* undefined = isolate_->heap()->undefined_value(); - JSFunction* candidate = jsfunction_candidates_head_; JSFunction* next_candidate; while (candidate != NULL) { next_candidate = GetNextCandidate(candidate); - ClearNextCandidate(candidate, undefined); + EvictCandidate(candidate); candidate = next_candidate; } - - jsfunction_candidates_head_ = NULL; + ASSERT(jsfunction_candidates_head_ == NULL); } @@ -1123,11 +1120,10 @@ void CodeFlusher::EvictSharedFunctionInfoCandidates() { SharedFunctionInfo* next_candidate; while (candidate != NULL) { next_candidate = GetNextCandidate(candidate); - ClearNextCandidate(candidate); + EvictCandidate(candidate); candidate = next_candidate; } - - shared_function_info_candidates_head_ = NULL; + ASSERT(shared_function_info_candidates_head_ == NULL); }
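Review bot: The new `ASSERT(jsfunction_candidates_head_ == NULL);` at the end of EvictJSFunctionCandidates() is compiled out of release builds, so outside debug the function no longer guarantees an empty list the way the removed unconditional `jsfunction_candidates_head_ = NULL;` did; it now relies entirely on EvictCandidate() unlinking every node, and EvictCandidate's body lies outside this hunk. If that unlink ever misses a node, a release build keeps a non-NULL head into a list that has already been torn down, which is presumably the same stale-candidate class of heap corruption this commit is fixing. Either promote the invariant to a release-checked `CHECK(jsfunction_candidates_head_ == NULL);` or spell out the contract above the loop: `// EvictCandidate() unlinks each node; the head must be NULL once the list is drained.` The successor is read before eviction for a reason that is not obvious from the loop itself; a one-line `// Read the link before EvictCandidate() detaches the node.` would help the next maintainer.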
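Review bot: The loop in EvictSharedFunctionInfoCandidates() is now textually identical to the one in EvictJSFunctionCandidates() apart from the candidate type, since both hunks call GetNextCandidate() and EvictCandidate() with their respective pointer type; a small templated helper taking the head pointer by reference would keep the two eviction paths from drifting apart again (the removed versions already differed in whether ClearNextCandidate took an `undefined` argument). The closing `ASSERT(shared_function_info_candidates_head_ == NULL);` carries the same debug-only caveat as its sibling: release builds get no check at all here. The enclosing function begins outside the hunk (`candidate` is declared above the first context line), so the helper extraction would touch lines not shown.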
diff --git a/test/cctest/test-heap.cc b/test/cctest/test-heap.cc
index adfe0174d..648d7ebe1 100644
--- a/test/cctest/test-heap.cc
+++ b/test/cctest/test-heap.cc
@@ -2837,3 +2837,54 @@ TEST(Regress168801) {
 HEAP->CollectAllGarbage(Heap::kNoGCFlags);
 HEAP->CollectAllGarbage(Heap::kNoGCFlags);
 }
+
+
+TEST(Regress173458) {
+ i::FLAG_always_compact = true;
+ i::FLAG_cache_optimized_code = false;
+ i::FLAG_allow_natives_syntax = true;
+ i::FLAG_flush_code_incrementally = true;
+ InitializeVM();
+ v8::HandleScope scope;
+
+ // Perform one initial GC to enable code flushing.
+ HEAP->CollectAllGarbage(Heap::kAbortIncrementalMarkingMask);
+
+ // Ensure the code ends up on an evacuation candidate.
+ SimulateFullSpace(HEAP->code_space());
+
+ // Prepare an unoptimized function that is eligible for code flushing.
+ Handle function;
+ {
+ HandleScope inner_scope;
+ CompileRun("function mkClosure() {" " return function(x) { return x + 1; };" "}" "var f = mkClosure();" "f(1); f(2);");
+
+ Handle f =
+ v8::Utils::OpenHandle(
+ *v8::Handle::Cast(
+ v8::Context::GetCurrent()->Global()->Get(v8_str("f"))));
+ CHECK(f->is_compiled());
+ const int kAgingThreshold = 6;
+ for (int i = 0; i < kAgingThreshold; i++) {
+ f->shared()->code()->MakeOlder(static_cast(i % 2));
+ }
+
+ function = inner_scope.CloseAndEscape(handle(*f, ISOLATE));
+ }
+
+ // Simulate incremental marking so that unoptimized function is enqueued as a
+ // candidate for code flushing. The shared function info however will not be
+ // explicitly enqueued.
+ SimulateIncrementalMarking();
+
+ // Now enable the debugger which in turn will disable code flushing.
+ CHECK(ISOLATE->debug()->Load());
+
+ // This cycle will bust the heap and subsequent cycles will go ballistic.
+ HEAP->CollectAllGarbage(Heap::kNoGCFlags);
+ HEAP->CollectAllGarbage(Heap::kNoGCFlags);
+}
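Review bot: The closing comment `// This cycle will bust the heap and subsequent cycles will go ballistic.` above the two final CollectAllGarbage calls describes the pre-fix failure rather than what the test expects, so a reader of the fixed tree cannot tell whether a crash here would be a regression or the intended outcome; reword it to `// Before the fix, disabling the flusher left stale candidates behind and this GC corrupted the heap; with the fix both cycles must complete cleanly.` The aging loop hard-codes `const int kAgingThreshold = 6;` as the number of MakeOlder() calls needed before the code becomes flushable; if the heap exposes that threshold as a named constant, reference it so the test does not silently stop exercising flushing when the threshold moves. The test sets several `i::FLAG_*` globals and never restores them, which is only safe if each cctest runs in its own process — worth confirming against how the harness is invoked. The template arguments on `Handle`, `v8::Handle::Cast` and `static_cast` appear to have been stripped in this rendering, presumably by angle-bracket escaping, so the hunk as shown would not compile as-is.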