• Dominik Inführ's avatar
    [heap] Fix failing DCHECK with original_top < top · ca448997
    Dominik Inführ authored
    The problem here was that IncrementalMarking::Step was invoking
    new_space()->ResetOriginalTop() which sets original_top to the current
    top. IncrementalMarking::Step could be invoked during
    InvokeAllocationObservers(), which is called right after acquiring a
    new LAB and allocating the first object in it. However this first
    allocation might be from generated code with allocation folding enabled.
    The generated code might not use all of the memory it allocated and in
    that process move top backwards again. Nevertheless
    InvokeAllocationObservers() could already set original_top to the
    current top. If the generated code later not uses all of that
    memory, original_top can be bigger than top.
    
    Fix this problem by ensuring that original_top always equals the LAB
    start. Each time LAB start is moved/accounted for, original_top is now
    updated as well for the new space. Also IncrementalMarking::Step()
    isn't allowed to move original_top anymore.
    
    Bug: chromium:1116278, v8:10315
    Change-Id: Ib18a0b07e2665b8ba933555387b84329cbecdf5b
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398519Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
    Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
    Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#69840}
    ca448997
stack-guard.cc 10.6 KB