From ed37edc5c0fd9df8243099a412b984c58621faee Mon Sep 17 00:00:00 2001
From: "hpayer@chromium.org"
Date: Wed, 10 Sep 2014 07:51:29 +0000
Subject: [PATCH] Remove guard page mechanism from promotion queue.

BUG=chromium:411210
LOG=n
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/557243002
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@23824 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/heap/heap-inl.h | 21 ++++-----------------
 src/heap/heap.cc | 12 ++++++------
 src/heap/heap.h | 9 ---------
 src/heap/spaces.cc | 1 -
 test/mjsunit/regress/regress-411210.js | 18 ++++++++++++++++++
 5 files changed, 28 insertions(+), 33 deletions(-)
 create mode 100644 test/mjsunit/regress/regress-411210.js
diff --git a/src/heap/heap-inl.h b/src/heap/heap-inl.h
index 0a899d5..ba47d97 100644
--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -31,18 +31,12 @@ void PromotionQueue::insert(HeapObject* target, int size) {
 NewSpacePage::FromAddress(reinterpret_cast
(rear_));
 DCHECK(!rear_page->prev_page()->is_anchor());
 rear_ = reinterpret_cast(rear_page->prev_page()->area_end());
- ActivateGuardIfOnTheSamePage();
 }
- if (guard_) {
- DCHECK(GetHeadPage() ==
- Page::FromAllocationTop(reinterpret_cast
(limit_)));
-
- if ((rear_ - 2) < limit_) {
- RelocateQueueHead();
- emergency_stack_->Add(Entry(target, size));
- return;
- }
+ if ((rear_ - 2) < limit_) {
+ RelocateQueueHead();
+ emergency_stack_->Add(Entry(target, size));
+ return;
 }
 *(--rear_) = reinterpret_cast(target);
@@ -55,13 +49,6 @@ void PromotionQueue::insert(HeapObject* target, int size) {
 }
-void PromotionQueue::ActivateGuardIfOnTheSamePage() {
- guard_ = guard_ ||
- heap_->new_space()->active_space()->current_page()->address() ==
- GetHeadPage()->address();
-}
-
-
 template <>
 bool inline Heap::IsOneByte(Vector str, int chars) {
 // TODO(dcarney): incorporate Latin-1 check when Latin-1 is supported?
diff --git a/src/heap/heap.cc b/src/heap/heap.cc
index 1f7d878..f39ad43 100644
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -1365,7 +1365,6 @@ void PromotionQueue::Initialize() {
 front_ = rear_ =
 reinterpret_cast(heap_->new_space()->ToSpaceEnd());
 emergency_stack_ = NULL;
- guard_ = false;
 }
@@ -1963,15 +1962,16 @@ class ScavengingVisitor : public StaticVisitorBase {
 HeapObject* target = NULL; // Initialization to please compiler.
 if (allocation.To(&target)) {
+ // Order is important here: Set the promotion limit before storing a
+ // filler for double alignment or migrating the object. Otherwise we
+ // may end up overwriting promotion queue entries when we migrate the
+ // object.
+ heap->promotion_queue()->SetNewLimit(heap->new_space()->top());
+
 if (alignment != kObjectAlignment) {
 target = EnsureDoubleAligned(heap, target, allocation_size);
 }
- // Order is important here: Set the promotion limit before migrating
- // the object. Otherwise we may end up overwriting promotion queue
- // entries when we migrate the object.
- heap->promotion_queue()->SetNewLimit(heap->new_space()->top());
-
 // Order is important: slot might be inside of the target if target
 // was allocated over a dead object and slot comes from the store
 // buffer.
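Review bot: With `guard_` gone, `if ((rear_ - 2) < limit_)` in `PromotionQueue::insert` (src/heap/heap-inl.h) compares the two raw pointers on every insert, including when the queue head and the allocation top are on different pages, and nothing in the new code says why that comparison is meaningful across pages. The removed `DCHECK(GetHeadPage() == Page::FromAllocationTop(...))` was the only statement of the old same-page assumption, and the same gap applies to `limit_ <= rear_` in `SetNewLimit` in src/heap/heap.h. The check presumably relies on to-space being laid out in address order, with allocation growing up and the queue growing down; a comment above it would record that, for example `// limit_ and rear_ may be on different pages; this relies on to-space pages being address-ordered.` The body of `insert` starts before this hunk, and the initial value given to `limit_` in `Initialize()` is not visible in the patch.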
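Review bot: The requirement that `SetNewLimit` runs before anything writes into the fresh allocation is carried only by statement order and the comment at the top of the `if (allocation.To(&target))` branch in src/heap/heap.cc, so a later edit that places a write above the call would bring back the overwrite of promotion queue entries without any check failing. The comment could state the rule rather than list the two current writers, for example `// Nothing may write to the newly allocated memory before SetNewLimit() has run.` Any other path that calls `EnsureDoubleAligned` on a new-space allocation during a scavenge would need the same ordering; that cannot be confirmed here because the enclosing function begins and ends outside the hunk.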
diff --git a/src/heap/heap.h b/src/heap/heap.h
index 8b4a021..8a449cb 100644
--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -383,18 +383,11 @@ class PromotionQueue {
 emergency_stack_ = NULL;
 }
- inline void ActivateGuardIfOnTheSamePage();
-
 Page* GetHeadPage() {
 return Page::FromAllocationTop(reinterpret_cast
(rear_));
 }
 void SetNewLimit(Address limit) {
- if (!guard_) {
- return;
- }
-
- DCHECK(GetHeadPage() == Page::FromAllocationTop(limit));
 limit_ = reinterpret_cast(limit);
 if (limit_ <= rear_) {
@@ -451,8 +444,6 @@ class PromotionQueue {
 intptr_t* rear_;
 intptr_t* limit_;
- bool guard_;
-
 static const int kEntrySizeInWords = 2;
 struct Entry {
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index ca09073..b762f86 100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -1360,7 +1360,6 @@ bool NewSpace::AddFreshPage() {
 Address limit = NewSpacePage::FromLimit(top)->area_end();
 if (heap()->gc_state() == Heap::SCAVENGE) {
 heap()->promotion_queue()->SetNewLimit(limit);
- heap()->promotion_queue()->ActivateGuardIfOnTheSamePage();
 }
 int remaining_in_page = static_cast(limit - top);
diff --git a/test/mjsunit/regress/regress-411210.js b/test/mjsunit/regress/regress-411210.js
new file mode 100644
index 0000000..bb9d3a5
--- /dev/null
+++ b/test/mjsunit/regress/regress-411210.js
@@ -0,0 +1,18 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --gc-interval=439 --random-seed=-423594851
+
+var __v_3;
+function __f_2() {
+ var __v_1 = new Array(3);
+ __v_1[0] = 10;
+ __v_1[1] = 15.5;
+ __v_3 = __f_2();
+ __v_1[2] = 20;
+ return __v_1;
+}
+for (var __v_2 = 0; __v_2 < 3; ++__v_2) {
+ __v_3 = __f_2();
+}
--
2.7.4
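Review bot: `__f_2` calls itself unconditionally (`__v_3 = __f_2();` inside its own body), so each call made by the loop can only end in a stack overflow, and nothing at the top level catches the resulting exception. If the harness treats an uncaught exception as a failure, the test fails for a reason unrelated to the promotion queue; wrapping the loop as `try { for (...) { __v_3 = __f_2(); } } catch (e) {}` keeps the deep recursion that drives the allocations while letting the script finish. The test also has no assertion and depends on the exact `--gc-interval=439 --random-seed=-423594851` pair to reach the scavenge in question, so a one-line comment saying that it passes by not crashing would help whoever has to re-tune it later.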