Commit 0738b224 authored by Omer Katz's avatar Omer Katz Committed by Commit Bot

cppgc: Fix in-construction object tracing

This CL fixes 2 issues:
1) Objects should be unmarked when pushed to in-construction objects
worklist by the write barrier. Otherwise tracing will bail out on them.
2) When finalizing with stack, in-construction objects may still be
unmarked.

Bug: v8:10989
Change-Id: I60707c70a221df59172596ab06ebf6a087270595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450014
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70343}
parent e2ce0ade
......@@ -385,7 +385,7 @@ void MarkerBase::MarkNotFullyConstructedObjects() {
mutator_marking_state_.not_fully_constructed_worklist().Extract();
for (HeapObjectHeader* object : objects) {
DCHECK(object);
DCHECK(object->IsMarked<HeapObjectHeader::AccessMode::kNonAtomic>());
if (!mutator_marking_state_.MarkNoPush(*object)) continue;
// TraceConservativelyIfNeeded will either push to a worklist
// or trace conservatively and call AccountMarkedBytes.
conservative_visitor().TraceConservativelyIfNeeded(*object);
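Review bot: The `continue` taken when `MarkNoPush` returns false carries no comment saying what it skips, and nothing in the hunk states why an object extracted from the not-fully-constructed worklist can be unmarked at this point. If MarkNoPush fails only for an already-marked object, as its name suggests, a one-line comment would make both cases explicit, e.g. `// Objects pushed by the write barrier arrive unmarked; mark them now and skip those already marked.` The header comment on TraceConservativelyIfNeeded mentions AccountMarkedBytes, so it may also be worth noting there that MarkNoPush itself does not account bytes, if that is indeed the split. The enclosing function MarkNotFullyConstructedObjects starts before the hunk, and the Extract() statement on its first visible line is cut off, so the worklist's element type is not visible here.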
......
......@@ -37,6 +37,11 @@ void MarkValue(const BasePage* page, MarkerBase* marker, const void* value) {
if (V8_UNLIKELY(
header
.IsInConstruction<HeapObjectHeader::AccessMode::kNonAtomic>())) {
// In construction objects are traced only if they are unmarked. If marking
// reaches this object again when it is fully constructed, it will re-mark
// it and tracing it as a previously not fully constructed object would know
// to bail out.
header.Unmark<HeapObjectHeader::AccessMode::kAtomic>();
marker->WriteBarrierForInConstructionObject(header);
return;
}
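Review bot: The new Unmark call uses AccessMode::kAtomic while the IsInConstruction check just above it uses kNonAtomic, and the added comment explains the re-marking policy but not why the two access modes differ. A short comment on the Unmark line would stop the next reader from treating the mismatch as a bug, e.g. `// Atomic: the mark bit may be observed by a concurrent marker; the in-construction bit is presumably only written by the mutator — confirm.` The last sentence of the added comment, `tracing it as a previously not fully constructed object would know to bail out`, reads awkwardly; `and the pass that traces previously not-fully-constructed objects will bail out on it` would be clearer. MarkValue begins and ends outside the hunk.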
......