From: mstarzinger@chromium.org Date: Fri, 11 Nov 2011 09:45:12 +0000 (+0000) Subject: Fix filtering of store buffer for large object pages. X-Git-Tag: upstream/4.7.83~17933 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9dcf002f31089455ae819c4dd88e898594e0ad4f;p=platform%2Fupstream%2Fv8.git Fix filtering of store buffer for large object pages. Our Heap::FreeQueuedChunks generates fake inner chunks in large object pages queued for freeing, so that StoreBuffer::Filter can recognize them as pages to be freed. This also relies on MemoryChunk::Contains to work properly, which is why the size field needs to be initialized as well. R=vegorov@chromium.org BUG=v8:1817 TEST=mozilla/js1_5/Regress/regress-360969-05 Review URL: http://codereview.chromium.org/8536009 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
diff --git a/src/heap.cc b/src/heap.cc
index be8dfec..c070299 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -6434,8 +6434,8 @@ void Heap::FreeQueuedChunks() {
 // it try to perform a search in the list of pages owned by of the large
 // object space and queued chunks were detached from that list.
 // To work around this we split large chunk into normal kPageSize aligned
- // pieces and initialize owner field and flags of every piece.
- // If FromAnyPointerAddress encounteres a slot that belongs to one of
+ // pieces and initialize size, owner and flags field of every piece.
+ // If FromAnyPointerAddress encounters a slot that belongs to one of
 // these smaller pieces it will treat it as a slot on a normal Page.
 MemoryChunk* inner = MemoryChunk::FromAddress(
 chunk->address() + Page::kPageSize);
@@ -6443,8 +6443,9 @@ void Heap::FreeQueuedChunks() {
 chunk->address() + chunk->size() - 1);
 while (inner <= inner_last) {
 // Size of a large chunk is always a multiple of
- // OS::AllocationAlignment() so there is always
+ // MemoryChunk::kAlignment so there is always
 // enough space for a fake MemoryChunk header.
+ inner->set_size(Page::kPageSize);
 inner->set_owner(lo_space());
 inner->SetFlag(MemoryChunk::ABOUT_TO_BE_FREED);
 inner = MemoryChunk::FromAddress(
diff --git a/src/spaces.h b/src/spaces.h
index b1cfd8b..8a05659 100644
--- a/src/spaces.h
+++ b/src/spaces.h
@@ -504,6 +504,10 @@ class MemoryChunk {
 size_t size() const { return size_; }
 
+ void set_size(size_t size) {
+ size_ = size;
+ }
+
 Executability executable() {
 return IsFlagSet(IS_EXECUTABLE) ? EXECUTABLE : NOT_EXECUTABLE;
 }
 
diff --git a/test/mozilla/mozilla.status b/test/mozilla/mozilla.status
index 7d8741c..e31a630 100644
--- a/test/mozilla/mozilla.status
+++ b/test/mozilla/mozilla.status
@@ -48,10 +48,6 @@ def FAIL_OK = FAIL, OKAY
 ##################### SKIPPED TESTS ##################### -# Skip one test until we figure out what is causing the regression. -# http://code.google.com/p/v8/issues/detail?id=1817 -js1_5/Regress/regress-360969-05: SKIP - # This test checks that we behave properly in an out-of-memory # situation. The test fails in V8 with an exception and takes a long # time to do so.
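Review bot: The added `inner->set_size(Page::kPageSize);` stamps a full page of size onto every fake inner piece, but the comment rewritten just above it only guarantees that the large chunk is a multiple of MemoryChunk::kAlignment, not of Page::kPageSize; if those two constants ever differ, the piece at `inner_last` would claim bytes beyond the end of the real chunk, and MemoryChunk::Contains — which the commit message says the store-buffer filter now relies on — could accept addresses outside the mapping. If kAlignment and kPageSize are the same value (I cannot confirm that from this diff), an assertion before the loop such as `ASSERT(IsAligned(chunk->size(), Page::kPageSize));` would pin the assumption the fake sizes depend on; otherwise the last piece's size should be clamped to `chunk->address() + chunk->size() - inner->address()`. A short why-comment next to the new line, e.g. `// Contains() on the fake header must bound exactly one kPageSize piece.`, would also record why size is set at all. Heap::FreeQueuedChunks begins and ends outside the hunk, and the loop's trailing FromAddress call continues past its last line.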
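Review bot: The new `set_size` on MemoryChunk carries no comment, yet it lets any caller decouple `size_` from the memory the chunk actually maps; as far as this diff shows, its only caller is the fake-inner-chunk loop in Heap::FreeQueuedChunks, and nothing in the header says so. A comment above the declaration would keep the next reader from treating it as a general resize, e.g. `// Only used to stamp fake MemoryChunk headers onto the kPageSize pieces of a large page queued for freeing; it does not touch the underlying mapping.` As a point of style it could also match the one-line `size()` accessor directly above it: `void set_size(size_t size) { size_ = size; }`. The MemoryChunk class begins and ends outside the hunk.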