From 9dcf002f31089455ae819c4dd88e898594e0ad4f Mon Sep 17 00:00:00 2001
From: "mstarzinger@chromium.org"
Date: Fri, 11 Nov 2011 09:45:12 +0000
Subject: [PATCH] Fix filtering of store buffer for large object pages.

Our Heap::FreeQueuedChunks generates fake inner chunks in large object pages queued for freeing, so that StoreBuffer::Filter can recognize them as pages to be freed. This also relies on MemoryChunk::Contains to work properly, which is why the size field needs to be initialized as well.

R=vegorov@chromium.org
BUG=v8:1817
TEST=mozilla/js1_5/Regress/regress-360969-05

Review URL: http://codereview.chromium.org/8536009

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap.cc | 7 ++++---
 src/spaces.h | 4 ++++
 test/mozilla/mozilla.status | 4 ----
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/heap.cc b/src/heap.cc
index be8dfec..c070299 100644
--- a/src/heap.cc
+++ b/src/heap.cc
@@ -6434,8 +6434,8 @@ void Heap::FreeQueuedChunks() {
  // it try to perform a search in the list of pages owned by of the large
  // object space and queued chunks were detached from that list.
  // To work around this we split large chunk into normal kPageSize aligned
- // pieces and initialize owner field and flags of every piece.
- // If FromAnyPointerAddress encounteres a slot that belongs to one of
+ // pieces and initialize size, owner and flags field of every piece.
+ // If FromAnyPointerAddress encounters a slot that belongs to one of
  // these smaller pieces it will treat it as a slot on a normal Page.
  MemoryChunk* inner = MemoryChunk::FromAddress(
  chunk->address() + Page::kPageSize);
@@ -6443,8 +6443,9 @@ void Heap::FreeQueuedChunks() {
  chunk->address() + chunk->size() - 1);
  while (inner <= inner_last) {
  // Size of a large chunk is always a multiple of
- // OS::AllocationAlignment() so there is always
+ // MemoryChunk::kAlignment so there is always
  // enough space for a fake MemoryChunk header.
+ inner->set_size(Page::kPageSize);
  inner->set_owner(lo_space());
  inner->SetFlag(MemoryChunk::ABOUT_TO_BE_FREED);
  inner = MemoryChunk::FromAddress(
diff --git a/src/spaces.h b/src/spaces.h
index b1cfd8b..8a05659 100644
--- a/src/spaces.h
+++ b/src/spaces.h
@@ -504,6 +504,10 @@ class MemoryChunk {
  size_t size() const { return size_; }
+ void set_size(size_t size) {
+ size_ = size;
+ }
+
  Executability executable() {
  return IsFlagSet(IS_EXECUTABLE) ? EXECUTABLE : NOT_EXECUTABLE;
  }
diff --git a/test/mozilla/mozilla.status b/test/mozilla/mozilla.status
index 7d8741c..e31a630 100644
--- a/test/mozilla/mozilla.status
+++ b/test/mozilla/mozilla.status
@@ -48,10 +48,6 @@ def FAIL_OK = FAIL, OKAY
  ##################### SKIPPED TESTS #####################
-# Skip one test until we figure out what is causing the regression.
-# http://code.google.com/p/v8/issues/detail?id=1817
-js1_5/Regress/regress-360969-05: SKIP
-
  # This test checks that we behave properly in an out-of-memory
  # situation. The test fails in V8 with an exception and takes a long
  # time to do so.
-- 
2.7.4
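Review bot: `inner->set_size(Page::kPageSize);` stamps a full page size on every fake piece, including the one at `inner_last`, which is shorter than a page whenever `chunk->size()` is not a multiple of `Page::kPageSize`; the comment just above only promises a multiple of `MemoryChunk::kAlignment`, and the hunk does not show that the two constants are equal. On that last piece `MemoryChunk::Contains` would then also answer true for addresses past the end of the large object chunk, which is exactly the query the store buffer filter relies on, so a slot just beyond the chunk could be dropped as if it lived in freed memory. If large chunk sizes are in fact always page multiples, say so in the comment; otherwise clamp the last piece: `Address end = chunk->address() + chunk->size();` and `inner->set_size(inner->address() + Page::kPageSize <= end ? Page::kPageSize : end - inner->address());`. The while loop body continues past the end of the hunk.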
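Review bot: The new `set_size` setter carries no comment, yet the commit message says `MemoryChunk::Contains` depends on `size_` being right, so a reader of spaces.h has no hint that this is a deliberate escape hatch for fake headers rather than a general mutator. A one-line note such as `// Only for stamping fake inner chunk headers in Heap::FreeQueuedChunks; size_ must stay consistent with what Contains() reports.` would document the contract. As a point of style, the neighbouring accessor `size_t size() const { return size_; }` is a one-liner, so `void set_size(size_t size) { size_ = size; }` would match the surrounding layout. The enclosing class MemoryChunk starts and ends outside the hunk.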